Vulnerability Note VU#124352
HP-UX kermit contains local buffer overflow that allows denial-of-service
The HP-UX version of kermit contains a buffer overflow that allows local users to prevent other users from running kermit.
Kermit is a file transfer protocol that has been implemented by Hewlett-Packard for use on their systems. On December 21, 2000, HP released a security bulletin regarding a local buffer overflow that affects the kermit client present in HP-UX versions 10.01, 10.10, 10.20, and 11.00.
This vulnerability allows local users to create a denial of service attack that prevents other users from running the kermit program.
HP has provided patches for each of the affected versions; please see the vendor section of this document for further details.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Hewlett Packard||Affected||-||05 Apr 2001|
CVSS Metrics (Learn More)
This document was written by Jeffrey P. Lanza.
- CVE IDs: CAN-2001-0085
- Date Public: 21 Dec 2000
- Date First Published: 17 Jan 2001
- Date Last Updated: 18 Jul 2001
- Severity Metric: 0.93
- Document Revision: 14
If you have feedback, comments, or additional information about this vulnerability, please send us email.