HP-UX bdf/df Buffer Overflow Vulnerabilities

There is a buffer overflow in the setuid utility /usr/bin/bdf that causes the program to exit with a memory fault when an argument to the -t option is supplied with more than 2415 characters (this number may vary - it has been demonstrated that 2599 characters are needed on an HP-UX 10.20 installation). It is not clear from the information that we have whether or not this is exploitable. It has been reported that the df(1M) program exhibits similar behaviour as well.


Privacy Statement
Copyright 2010, SecurityFocus