search menu icon-carat-right cmu-wordmark

CERT Coordination Center

HP-UX FTP daemon is vulnerable to a buffer overflow

Vulnerability Note VU#647438

Original Release Date: 2005-02-25 | Last Revised: 2005-02-25

Overview

The HP-UX FTP daemon (ftpd) contains a buffer overflow that may allow an unauthenticated, remote attacker to execute arbitrary code.

Description

The HP-UX FTP daemon (ftpd) is vulnerable to a buffer overflow when the FTP daemon is configured to log debugging information. Debug logging is enabled if the -v flag is present next to the ftpd entry in the inetd.conf (/etc/inetd.conf) configuration file. If an unauthenticated remote attacker supplies the FTP daemon with a specially crafted command, they may be able to trigger a stack-based buffer overflow.

Please note that the debug logging option is disabled by default.

Impact

If an unauthenticated, remote attacker supplies the FTP daemon with a specially crafted command, that attacker may be able to execute arbitrary code with the privileges of the FTP daemon, typically root.

Solution

Apply Patch


HP has released the following patches to correct this issue:

HP-UX B.11.00: PHNE_29460
HP-UX B.11.04: PHNE_31034
HP-UX B.11.11: PHNE_29461
HP-UX B.11.22: PHNE_29462

HP customers are encouraged to go to the lT Resource Center to download these patches.

Disable Debug Logging


The debug logging option is disabled by default. However, if it is enabled, disable it by removing the -v option from the ftpd command within the service inetd.conf configuration file.

Vendor Information

647438
 
Affected   Unknown   Unaffected

Hewlett-Packard Company

Updated:  February 24, 2005

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Acknowledgements

This vulnerability was reported by iDEFENSE Security.

This document was written by Jeff Gennari.

Other Information

CVE IDs: None
Severity Metric: 3.44
Date Public: 2004-12-21
Date First Published: 2005-02-25
Date Last Updated: 2005-02-25 16:50 UTC
Document Revision: 54

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.