HP DCED epmap Remote Overflow

2004-07-22T15:09:41
ID OSVDB:8188
Type osvdb
Reporter Jeremy Jethro (jjethro@si.rr.com)
Modified 2004-07-22T15:09:41

Description

Vulnerability Description

Hewlett-Packard HP-UX, Tru64 and OpenVMS contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the endpoint mapper (epmap) in the DCED implementation not checking stub data input. An attacker can send a specially crafted request that could overflow the buffer and allow arbitrary commands to be executed with the same privileges as the running daemon.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Hewlett-Packard has released a patch to address this vulnerability.

References:

Vendor Specific Solution URL: http://support.entegrity.com/private/patches/dce/ssrt4741.asp
Other Advisory URL: http://www.atstake.com/research/advisories/2004/a072204-1.txt
Keyword: HPSBUX0311-299
Keyword: TCP Port 135
CVE-2004-0716
CERT VU: 259796