Hewlett Packard Information for VU#569272

System V derived login contains a remotely exploitable buffer overflow

Status

Affected

Vendor Statement

HP-UX is NOT Exploitable. It is NOT a security issue with HP-UX. HP-UX does have a benign buffer overflow which is the only reason HP-UX is listed as "effected" above. In any case, the buffer overflow has been fixed by HP.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

We have confirmed with Hewlett-Packard that the flaw is present. Hewlett-Packard has indicated that they were unable to develop an exploit for this flaw, however, we do not believe that this is sufficient evidence to conclude that HP systems are not vulnerable.

If you have feedback, comments, or additional information about this vulnerability, please send us email.