SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information

Report a Vulnerability

 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#124352

HP-UX kermit contains local buffer overflow that allows denial-of-service

Overview

The HP-UX version of kermit contains a buffer overflow that allows local users to prevent other users from running kermit.

I. Description

Kermit is a file transfer protocol that has been implemented by Hewlett-Packard for use on their systems. On December 21, 2000, HP released a security bulletin regarding a local buffer overflow that affects the kermit client present in HP-UX versions 10.01, 10.10, 10.20, and 11.00.

II. Impact

This vulnerability allows local users to create a denial of service attack that prevents other users from running the kermit program.

III. Solution

HP has provided patches for each of the affected versions; please see the vendor section of this document for further details.

Systems Affected
VendorStatusDate NotifiedDate Updated
Hewlett PackardVulnerable5-Apr-2001

References

http://www.securityfocus.com/bid/2170

Credit

This document was written by Jeffrey P. Lanza.

Other Information

Date Public:2000-12-21
Date First Published:2001-01-17
Date Last Updated:2001-07-18
CERT Advisory: 
CVE-ID(s):CAN-2001-0085
NVD-ID(s):CAN-2001-0085
US-CERT Technical Alerts: 
Severity Metric:0.93
Document Revision:14

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2001 Carnegie Mellon University
Disclaimers and copyright information
Get a PDF Reader