SecurityTracker.com
Category:  OS (UNIX)  >  ksh
Vendors:  HP (Compaq)
HP Tru64 UNIX /usr/bin/ksh Flaw Lets Local Users Consume All CPU Processing Time
SecurityTracker Alert ID:  1007071
CVE Reference:  GENERIC-MAP-NOMATCH
Updated:  Jun 27 2003
Original Entry Date:  Jun 27 2003
Impact:  Denial of service via local system
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): HP Tru64 UNIX 5, 5.1A, and 5.1B
Description:  A vulnerability was reported in the KornShell (/usr/bin/ksh) on HP Tru64 UNIX. A local user can cause denial of service conditions.

Reportedly, in certain system configurations, a local user who abruptly closes a telnet session can cause the ksh process to continue to run. According to HP, the process can then consume up to 100% of CPU processing time.

HP notes, as an example, that the flaw can be triggered by a local user closing a telnet window by clicking the "X" box in the upper right-hand corner.

The flaw reportedly occurs when a startup script or a script executed within the current shell process contains a trap(1) definition.
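
A triage heuristic for the condition described above, as an added example that is not part of the advisory or of HP's patch documentation: it scans `ps` output for ksh processes that are consuming CPU while detached from a login session. The `ps -o` column set, the 90% threshold, and the idea that a leftover shell shows PPID 1 or no controlling terminal are assumptions, and the sample rows are constructed.

```shell
#!/bin/sh
# Added example: heuristic triage for runaway ksh processes.
# Input format (assumed): output of `ps -e -o pid,ppid,tty,pcpu,comm`.

# find_runaway_ksh [threshold]
# Reads ps rows on stdin; prints "pid pcpu tty" for each ksh process that is
# at or above the CPU threshold and looks detached from its login session
# (assumption: reparented to init, or no controlling terminal).
find_runaway_ksh() {
    awk -v min="${1:-90}" '
        NR == 1 && $1 == "PID" { next }          # skip the ps header row
        NF < 5 { next }                          # ignore malformed rows
        {
            n = split($5, parts, "/")            # accept ksh or /usr/bin/ksh
            name = parts[n]
            sub(/^-/, "", name)                  # login shells show as -ksh
            if (name != "ksh") next
            detached = ($2 == 1 || $3 == "?" || $3 == "??" || $3 == "-")
            if (detached && $4 + 0 >= min + 0)
                print $1, $4, $3
        }'
}

# Constructed sample rows (not captured from a real system).
sample_ps() {
    cat <<'EOF'
PID PPID TTY %CPU COMMAND
1201 1180 pts/2 0.3 ksh
1344 1 ?? 99.1 ksh
1390 1 ?? 0.0 ksh
1402 1377 pts/4 97.5 /usr/bin/ksh
1455 1 pts/7 98.0 -ksh
1500 1 ?? 99.9 sendmail
EOF
}

# On a live host: ps -e -o pid,ppid,tty,pcpu,comm | find_runaway_ksh 90
sample_ps | find_runaway_ksh 90
```

A busy ksh that still has a live parent and terminal (PID 1402 in the sample) is deliberately not flagged, since that pattern matches an interactive user running a heavy job rather than a shell left behind by a closed session.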

Impact:  A local user can consume 100% of the available CPU processing resources.
Solution:  The vendor has released an ECO patch for several versions of HP Tru64 UNIX:

ECO Name: T64V51BB1-C0017400-19077-E-20030625
ECO Kit Approximate Size: 2.19MB
Kit Applies To: HP Tru64 UNIX 5.1B PK1 (BL1)
http://ftp.support.compaq.com/patches/public/unix/v5.1b/t64v51bb1-c0017400-19077-e-20030625.README

ECO Name: T64V51AB21-C0125600-19079-E-20030625
ECO Kit Approximate Size: 2.58MB
Kit Applies To: HP Tru64 UNIX 5.1A PK4 (BL21)
http://ftp.support.compaq.com/patches/public/unix/v5.1a/t64v51ab21-c0125600-19079-e-20030625.README

ECO Name: T64V51AB3-C0125800-19078-E-20030625
ECO Kit Approximate Size: 2.58MB
Kit Applies To: HP Tru64 UNIX 5.1A PK3 (BL3)
http://ftp.support.compaq.com/patches/public/unix/v5.1a/t64v51ab3-c0125800-19078-e-20030625.README

ECO Name: T64V51B20-C0181200-19080-E-20030625
ECO Kit Approximate Size: 2.77MB
Kit Applies To: HP Tru64 UNIX 5.1 PK6 (BL20)
http://ftp.support.compaq.com/patches/public/unix/v5.1/t64v51b20-c0181200-19080-e-20030625.README

Vendor URL:  ftp.support.compaq.com/patches/public/unix/v5.1b/t64v51bb1-c0017400-19077-e-20030625.README
Cause:  Exception handling error, State error
Underlying OS:  UNIX (Tru64)
Reported By:  system PRIVILEGED account <root@stage1.cxo.cpqcorp.net>
Message History:   None.



Copyright 2002, SecurityGlobal.net LLC