VID 16053
Severity 40
Port 21
Protocol TCP
Class FTP
Detailed Description The HP-UX ftpd contains a glob() expansion STAT buffer overflow vulnerability.
Hewlett Packard's HP-UX ftpd, in versions 11.04 and prior, contains a stack-based buffer overflow condition. The overflow occurs when the STAT command is issued with an argument that expands into an oversized string after being processed by glob(). It may be possible for remote attackers to exploit this vulnerability and execute arbitrary code on the affected host.
To exploit this, the attacker must be able to create directories on the target host.

* References:
http://www.nai.com/research/covert/advisories/048.asp
http://www.cert.org/advisories/CA-2001-07.html
http://www.securityfocus.com/advisories/3456

* Platforms Affected:
HP-UX 10.01, 10.10, 10.20, 11.00
HP-UX 10.24 (VVOS), 11.04 (VVOS)
Recommendation Apply the appropriate patch for your system, available from Hewlett Packard's web site, http://itrc.hp.com

HP HP-UX 10.01: HP Patch PHNE_23947
HP HP-UX 10.10: HP Patch PHNE_23947
HP HP-UX 10.20: HP Patch PHNE_23948
HP HP-UX (VVOS) 10.24: HP Patch PHNE_24394
HP HP-UX 11.00: HP Patch PHNE_23949
HP HP-UX (VVOS) 11.0.4: HP Patch PHNE_24395

A workaround is to disable the ftp service until patches are available. If this is not feasible, restrict access to the service. Ensure that anonymous users cannot create or write to any directories.

For information on the Security Patch Check tool for HP-UX, see:
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6834AA

The security patch matrix is also available via anonymous ftp:
ftp://ftp.itrc.hp.com/export/patches/hp-ux_patch_matrix
Related URL CVE-2001-0248 (CVE)
Related URL 2552 (SecurityFocus)
Related URL 6332 (ISS)