A problem exists in some versions of the HP-UX kernel allowing an intruder to cause kernel panics.
Certain versions of the HP-UX setrlimit system call contain a vulnerability that permits an intruder to cause kernel panics or compromise the system. Quoting from HP Security Bulletin #0183:
The HP-UX kernel incorrectly specifies arguments for setrlimit() and can produce unexpected panics.
According to the HP bulletin, this problem affects HP 9000 series servers running HP-UX 11.11. For more information see,
Registration may be required to view this bulletin.
An intruder may be able to cause a denial of service by causing a kernel panic. Additionally, the HP bulletin says "servers could be locally compromised," suggesting the ability to run arbitrary code.
Apply patch PHKL_26233 as specified in the HP bulletin.
Vendor | Status | Date Notified | Date Updated
Hewlett-Packard Company | | - | 28 Mar 2002
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
Our thanks to Hewlett Packard for security bulletin #0183, upon which this document is based.
This document was written by Shawn V. Hernan.