HP Tru64 UNIX Multiple Local and Remote Buffer Overflow Vulnerabilities

HP has reported multiple local and remote buffer overflow vulnerabilities in various binaries that ship with Tru64 UNIX. HP has also announced an undisclosed denial of service issue in /usr/sbin/ping, which is covered in the advisory and addressed in the included fixes.

An attacker may be able to exploit a number of these utilities to execute code with elevated privileges or to cause a denial of service condition. For the local buffer overflows, exploitation of some of these binaries may not yield any extra privileges for the attacker if they are not installed setuid/setgid. For the remote buffer overflows, successful exploitation may allow an attacker to execute arbitrary code with the privileges of the user running the utility or server.


Copyright 2010, SecurityFocus