Title: Hewlet Packard HP-UX Portable File System Buffer Overflow Vulnerability
Severity: CRITICAL
Description:
PFS (Portable File System) allows access to multiple CD-ROM filesystems.
HP-UX running PFS (Portable File System) is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
The vulnerability resides in the 'pfs_mountd.rpc' daemon, which is remotely accessible over TCP or UDP. An attacker can exploit this issue by submitting two maliciously crafted packets over UDP to the affected daemon. The first packet to trigger the issue must be sent to call procedure 5 followed by a payload to procedure 2.
The attacker may exploit this issue to execute arbitrary code on an affected computer with superuser privileges. Successful exploits will result in a complete compromise of affected computers. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This vulnerability was initially reported as a privilege-escalation issue. Newly available information shows that this issue is a buffer-overflow vulnerability. This BID has been updated to reflect the changes.
Affected Products:
- HP HP-UX B.11.00
- HP HP-UX B.11.11
- HP HP-UX B.11.23
References:
- HP: HP-UX Homepage
- HP: HPSBUX02203 SSRT071339 rev.1 - HP-UX Running Portable File System (PFS), Remote
- iDefense Labs: iDefense Security Advisory 04.12.07: Hewlett Packard HP-UX Remote pfs_mountd.rpc
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
