HP-UX FTP daemon is vulnerable to a buffer overflow

2005-02-25T00:00:00
ID VU:647438
Type cert
Reporter CERT
Modified 2005-02-25T00:00:00

Description

Overview

The HP-UX FTP daemon (ftpd) contains a buffer overflow that may allow an unauthenticated, remote attacker to execute arbitrary code.

Description

The HP-UX FTP daemon (ftpd) is vulnerable to a buffer overflow when the FTP daemon is configured to log debugging information. Debug logging is enabled if the -v flag is present next to the ftpdentry in the inetd.conf (/etc/inetd.conf) configuration file. If an unauthenticated remote attacker supplies the FTP daemon with a specially crafted command, they may be able to trigger a stack-based buffer overflow.

Please note that the debug logging option is disabled by default.


Impact

If an unauthenticated, remote attacker supplies the FTP daemon with a specially crafted command, that attacker may be able to execute arbitrary code with the privileges of the FTP daemon, typically root.


Solution

Apply Patch

HP has released the following patches to correct this issue:

HP-UX B.11.00: PHNE_29460
HP-UX B.11.04: PHNE_31034
HP-UX B.11.11: PHNE_29461
HP-UX B.11.22: PHNE_29462
HP customers are encouraged to go to the lT Resource Center to download these patches.


Disable Debug Logging

The debug logging option is disabled by default. However, if it is enabled, disable it by removing the -v option from the ftpd command within the service inetd.conf configuration file.


Systems Affected

Vendor| Status| Date Notified| Date Updated
---|---|---|---
Hewlett-Packard Company| | -| 24 Feb 2005
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

References

Credit

This vulnerability was reported by iDEFENSE Security.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: Unknown
  • Date Public: 21 Dec 2004
  • Date First Published: 25 Feb 2005
  • Date Last Updated: 25 Feb 2005
  • Severity Metric: 3.44
  • Document Revision: 54