The HP-UX version of kermit contains a buffer overflow that allows local users to prevent other users from running kermit.
Kermit is a file transfer protocol that has been implemented by Hewlett-Packard for use on their systems. On December 21, 2000, HP released a security bulletin regarding a local buffer overflow that affects the kermit client present in HP-UX versions 10.01, 10.10, 10.20, and 11.00.
This vulnerability allows local users to create a denial of service attack that prevents other users from running the kermit program.
HP has provided patches for each of the affected versions; please see the vendor section of this document for further details.
This document was written by Jeffrey P. Lanza.
|Date First Published:||2001-01-18|
|Date Last Updated:||2001-07-18 20:15 UTC|