HP-UX FTP Server Debug Logging Mode Buffer Overflow Vulnerability

HP-UX FTP Server Debug Logging Mode Buffer Overflow Vulnerability

Solution:
The original advisory from iDEFENSE listed patches for specific versions of HP-UX. On December 23, 2004, HP re-issued advisory HPSBUX0107-162 (originally published in 2001) stating that the fixes listed in the advisory correct this issue. However, the patch numbers listed in the advisory are different than what was included in the iDEFENSE report.

HP has released advisory HPSBUX01118 - SSRT4883 on February 8th, 2005 dealing with this issue. The patches provided in this advisory match those reported by iDEFENSE. Users are advised to update their products with these patches as soon as possible.

HP HP-UX B.11.11

HP PHNE_29461
http://itrc.hp.com

HP HP-UX B.11.22

HP PHNE_29462
http://itrc.hp.com

HP HP-UX B.11.00

HP PHNE_29460
http://itrc.hp.com

HP HP-UX B.11.04

HP PHNE_31034
http://itrc.hp.com

HP HP-UX 10.0 1

HP PHNE_23947
http://itrc.hp.com

HP HP-UX 10.10

HP PHNE_23947
http://itrc.hp.com

HP HP-UX 10.20

HP PHNE_23948
http://itrc.hp.com

HP HP-UX (VVOS) 10.24

HP PHNE_24394
http://itrc.hp.com

HP HP-UX 11.0

HP PHNE_23949
http://itrc.hp.com

HP HP-UX 11.11

HP PHNE_23950
http://itrc.hp.com