Hewlett-Packard HP-UX swagentd Buffer Overflow Vulnerability

2007-12-17T00:00:00
ID ZDI-07-079
Type zdi
Reporter Tenable Network Security
Modified 2007-11-09T00:00:00

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard HP-UX operating system. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the function sw_rpc_agent_init (opcode 0x04) defined in swagentd. Specific malformed arguments can cause function pointers to be overwritten and thereby result in arbitrary code execution.