HP-UX SWVerify Buffer Overflow Vulnerability

HP-UX is the UNIX Operating System variant distributed by Hewlett-Packard, available for use on systems of size varying from workgroup servers to enterprise systems.

A problem has been discovered in the operating system that can allow a local user to gain elevated privileges. swverify contains a buffer overflow which is exploitable upon receiving 6039 bytes as an argument. The swverify program is setuid root, which allows a local user to execute code as root, potentially gaining administrative access to the vulnerable system.


 

Privacy Statement
Copyright 2010, SecurityFocus