|
Multiple HP Tru64 C Library Vulnerabilities
HP has recently issued fixes for numerous security vulnerabilities in the implementation of the C library for Tru64. These vulnerabilities may affect many programs with a variety of consequences including local privilege escalation, denial of service and, remote root compromise. This entry may be modified during analysis as some of the reported vulnerabilities are already in the Symantec vulnerability database. The reported vulnerabilities are: - SSRT2322 Bind resolver exploit in ISC - SSRT2384 TCP exploit denies all RPC service - SSRT2341 calloc() potential overflow - SSRT2439 xdrmem_getbytes() potential overflow - SSRT2412 portmapper hang after port scan with C2 enabled The list of affected executables follows: /usr/bin/ypmatch /usr/sbin/traceroute /usr/sbin/lpc /usr/bin/lprm /usr/bin/lpq /usr/bin/lpr /usr/lbin/lpd /usr/bin/binmail /usr/bin/ipcs /usr/sbin/quot /usb/bin/at /usr/bin/ps /usr/bin/uux /usr/bin/uucp /usr/bin/csh /usr/bin/rdist /usr/bin/mh/inc /usr/bin/mh/msgchk /usr/sbin/imapd /usr/bin/deliver /sbin/.upd..loader /usr/dt/bin/mailcv /usr/dt/bin/dtterm /usr/dt/bin/dtsession /usr/dt/bin/rpc.ttdbserverd /usr/bin/X11/dxterm /usr/bin/X11/dxconsole /usr/bin/X11/dxpause /usr/bin/X11/dxsysinfo /usr/sbin/telnetd /usr/bin/su /usr/bin/chsh /usr/bin/passwd /usr/bin/chfn /usr/tcb/bin/dxchpwd |
|
|
Privacy Statement |
