HP TCP/IP Services for OpenVMS Finger客户端格式串漏洞

BUGTRAQ ID: 30948 CNCAN ID：CNCAN-2008090303 HP OpenVMS是一款HP Integrity或AlphaServer服务器中使用的操作系统。 HP OpenVMS finger客户端存在格式串问题，远程攻击者可以利用漏洞对应用程序权限执行任意指令。 HP OpenVMS finger客户端不正确过滤输入，构建特殊的格式串作为参数数据，可导致内存破坏攻击，造成拒绝服务或者任意代码执行攻击。 HP TCP/IP Services for OpenVMS 5.3 HP TCP/IP Services for OpenVMS 5.6 HP TCP/I...

Design/Logic Flaw

The finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to read arbitrary files via a link corresponding to a 1 .plan or 2 .project file...

CVE-2008-3946

The CVE-2008-3946 entry affects the finger client in HP TCP/IP Services for OpenVMS 5.x. The vulnerability enables local users to read arbitrary files by requesting a link corresponding to a .plan or a .project file. This is a local, low-complexity issue with complete confidentiality impact on th...

CVE-2008-3940

CVE-2008-3940 describes a format string vulnerability in the finger client of HP TCP/IP Services for OpenVMS 5.x. Local users can gain privileges by supplying crafted content in either the ".plan" or the ".project" file, exploiting format string specifiers. The vulnerability affects the finger cl...