HPUX ftpd User Inputted Format String Stack Overwrite Vulnerability

A vulnerability exists in the handling of user inputted data in the ftp daemon included by Hewlett-Packard as part of its HPUX operating system. By passing format strings as the argument to the PASS ftp command, it is possible to overwrite values on the stack. Additionally, by passing the proper arguments, it is possible to conduct an attack similar to a traditional buffer overflow.


 

Privacy Statement
Copyright 2010, SecurityFocus