CERT home
vulnerabilities & fixesevaluations & practicesresearch & analysistraining & education
homesearchFAQsite indexcontact
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

Vulnerability Note VU#124352

HP-UX kermit contains local buffer overflow that allows denial-of-service

Overview

The HP-UX version of kermit contains a buffer overflow that allows local users to prevent other users from running kermit.

I. Description

Kermit is a file transfer protocol that has been implemented by Hewlett-Packard for use on their systems. On December 21, 2000, HP released a security bulletin regarding a local buffer overflow that affects the kermit client present in HP-UX versions 10.01, 10.10, 10.20, and 11.00.

II. Impact

This vulnerability allows local users to create a denial of service attack that prevents other users from running the kermit program.

III. Solution

HP has provided patches for each of the affected versions; please see the vendor section of this document for further details.

Systems Affected
VendorStatusDate Updated
Hewlett PackardVulnerable5-Apr-2001

References


http://www.securityfocus.com/bid/2170

Credit

This document was written by Jeffrey P. Lanza.

Other Information

Date Public12/21/2000
Date First Published01/17/2001 07:17:47 PM
Date Last Updated07/18/2001
CERT Advisory 
CVE NameCAN-2001-0085
Metric0.93
Document Revision14

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Copyright 2001 Carnegie Mellon University