HP-UX kermit contains local buffer overflow that allows denial-of-service

Overview

The HP-UX version of kermit contains a buffer overflow that allows local users to prevent other users from running kermit.

Description

Kermit is a file transfer protocol that has been implemented by Hewlett-Packard for use on their systems. On December 21, 2000, HP released a security bulletin regarding a local buffer overflow that affects the kermit client present in HP-UX versions 10.01, 10.10, 10.20, and 11.00.

---

Impact

This vulnerability allows local users to create a denial of service attack that prevents other users from running the kermit program.

---

Solution

HP has provided patches for each of the affected versions; please see the vendor section of this document for further details.

---

Vendor Information

124352

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Hewlett Packard __ Affected

Updated: April 05, 2001

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

HP has released a Security Bulletin to address this issue; for further information, please visit <http://itrc.hp.com> and search for “HPSBUX0012-135”. Please note that registration may be required to access this document.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23124352 Feedback>).

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

<http://www.securityfocus.com/bid/2170&gt;

Acknowledgements

This document was written by Jeffrey P. Lanza.

Other Information

CVE IDs:	CVE-2001-0085
Severity Metric:	0.93 Date Public: