SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#647438

HP-UX FTP daemon is vulnerable to a buffer overflow

Overview

The HP-UX FTP daemon (ftpd) contains a buffer overflow that may allow an unauthenticated, remote attacker to execute arbitrary code.

I. Description

The HP-UX FTP daemon (ftpd) is vulnerable to a buffer overflow when the FTP daemon is configured to log debugging information. Debug logging is enabled if the -v flag is present next to the ftpd entry in the inetd.conf (/etc/inetd.conf) configuration file. If an unauthenticated remote attacker supplies the FTP daemon with a specially crafted command, they may be able to trigger a stack-based buffer overflow.

Please note that the debug logging option is disabled by default.

II. Impact

If an unauthenticated, remote attacker supplies the FTP daemon with a specially crafted command, that attacker may be able to execute arbitrary code with the privileges of the FTP daemon, typically root.

III. Solution

Apply Patch


HP has released the following patches to correct this issue:


    HP-UX B.11.00: PHNE_29460
    HP-UX B.11.04: PHNE_31034
    HP-UX B.11.11: PHNE_29461
    HP-UX B.11.22: PHNE_29462

HP customers are encouraged to go to the lT Resource Center to download these patches.

Disable Debug Logging

The debug logging option is disabled by default. However, if it is enabled, disable it by removing the -v option from the ftpd command within the service inetd.conf configuration file.

Systems Affected
VendorStatusDate NotifiedDate Updated
Hewlett-Packard CompanyVulnerable24-Feb-2005

References


http://www.idefense.com/application/poi/display?id=175&type=vulnerabilities
http://secunia.com/advisories/13608/
http://securitytracker.com/alerts/2004/Dec/1012650.html

Credit

This vulnerability was reported by iDEFENSE Security.

This document was written by Jeff Gennari.

Other Information

Date Public:2004-12-21
Date First Published:2005-02-25
Date Last Updated:2005-02-25
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Metric:3.44
Document Revision:54

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2005 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader