HP-UX Portable File System Lets Remote Users Gain Root Access

SecurityTracker Alert ID: 1017893
SecurityTracker URL: http://securitytracker.com/id/1017893
CVE Reference: CVE-2007-1993
Updated: May 16 2008
Original Entry Date: Apr 10 2007
Impact: Execution of arbitrary code via network, Root access via network
Vendor Confirmed: Yes
Version(s): B.11.00, B.11.11 and B.11.23

Description:
A vulnerability was reported in HP-UX when running Portable File System. A remote user can gain elevated privileges.
A remote user can send two specially crafted packets via UDP to trigger a buffer overflow in 'pfs_mountd.rpc' and execute arbitrary code with root privileges.
The vendor was notified on October 25, 2004.
HP credits iDefense Labs with reporting this vulnerability.

Impact:
A remote user can gain root privileges on the target system.

Solution:
HP recommends that users discontinue the use of PFS.
The HP advisory is available at:
http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00913684

Vendor URL: www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00913684

Cause: Boundary error

Underlying OS:

Message History: None.

Source Message Contents

Date: Tue, 10 Apr 2007 07:42:34 -0400
Subject: HPSBUX02203 SSRT071339 rev.1 - HP-UX Running Portable File System (PFS), Remote Increase in Privilege

http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00913684