HP-UX ftpd glob() Expansion STAT Buffer Overflow Vulnerability

Hewlett Packard's HP-UX ftp daemon contains a stack-based buffer overflow condition. The overflow occurs when the STAT command is issued with an argument that expands into an oversized string after being processed by glob().

It may be possible for attackers to exploit this vulnerability and execute arbitrary code on the affected host. This could be accomplished in a typical buffer overflow manner, by replacing a function return address with a value pointing to supplied shellcode.

To exploit this, the attacker must be able to create directories on the target host.


 

Privacy Statement
Copyright 2010, SecurityFocus