Vulnerability Note VU#124352

HP-UX kermit contains local buffer overflow that allows denial-of-service

Original Release date: 17 Jan 2001 | Last revised: 18 Jul 2001

Overview

The HP-UX version of kermit contains a buffer overflow that allows local users to prevent other users from running kermit.

Description

Kermit is a file transfer protocol that has been implemented by Hewlett-Packard for use on their systems. On December 21, 2000, HP released a security bulletin regarding a local buffer overflow that affects the kermit client present in HP-UX versions 10.01, 10.10, 10.20, and 11.00.

Impact

This vulnerability allows local users to create a denial of service attack that prevents other users from running the kermit program.

Solution

HP has provided patches for each of the affected versions; please see the vendor section of this document for further details.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Hewlett PackardAffected-05 Apr 2001
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This document was written by Jeffrey P. Lanza.

Other Information

  • CVE IDs: CAN-2001-0085
  • Date Public: 21 Dec 2000
  • Date First Published: 17 Jan 2001
  • Date Last Updated: 18 Jul 2001
  • Severity Metric: 0.93
  • Document Revision: 14

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.