• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

HP-UX Software Distributor SWAsk Local Format String Vulnerability

HP-UX is prone to a local format-string vulnerability because it fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

A local attacker may exploit this issue to execute arbitrary machine code in the context of the affected application. Since the application executes by default with superuser privileges, successfully exploiting this issue will result in a computer compromise.

This issue was originally disclosed as part of BID 18098 (HP-UX Software Distributor Unspecified Local Privilege Escalation Vulnerability), but has been assigned a separate record because of new information.