HP Tru64 UNIX multiple binaries have buffer overflows

tru64-multiple-binaries-bo (10016)

High Risk

Description:

Hewlett-Packard (formerly Compaq) Tru64 UNIX is vulnerable to buffer overflows in multiple binaries. A remote or local attacker could exploit these buffer overflows to execute code on the system with elevated privileges or cause the system to crash.

For a list of affected binaries refer to the Compaq SECURITY BULLETIN SRB0039W. See References.

Note: HP 9000 series 700/800 systems running HP-UX versions 10.20, 11.00, 11.04, 11.11 and 11.22 running CDE are also vulnerable.

Consequences:

Gain Privileges

Remedy:

Apply the appropriate patch for your system, as listed in Compaq SECURITY BULLETIN SRB0039W. See References.

For HP-UX 10.20, 11.00, 11.04, 11.11, and 11.22:
Apply the appropriate patch for your system, as listed in Hewlett-Packard Company Security Bulletin HPSBUX0306-263. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

References:

• BugTraq Mailing List, Thu Sep 19 2002 - 15:44:43 CDT: Re: [Full-Disclosure] iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3..
• BugTraq Mailing List, Thu Sep 19 2002 - 16:09:41 CDT: iDEFENSE OSF1/Tru64 3.x vuln clarification.
• CIAC Information Bulletin M-118: HP Tru64 Unix Multiple Vulnerabilities.
• CIAC Information Bulletin N-102: Hewlett-Packard Potential Security Vulnerabilities in CDE.
• Compaq SECURITY BULLETIN SRB0039W: HP Tru64 UNIX - Potential Buffer Overflows & SSRT2229 Potential Denial of Service .
• IBM Internet Security Systems X-Force Database: CDE ToolTalk rpc.ttdbserverd _TT_CREATE_FILE() heap buffer overflow.
• IBM Internet Security Systems X-Force Database: CDE ToolTalk rpc.ttdbserverd _TT_TRANSACTION() symlink.
• IBM Internet Security Systems X-Force Database: CDE ToolTalk rpc.ttdbserverd _TT_ISCLOSE() improper validation.
• IBM Internet Security Systems X-Force Database: Multiple vendor DNS resolver library buffer overflow.
• IBM Internet Security Systems X-Force Database: HP Tru64 UNIX /usr/bin/ipcs buffer overflow.
• IBM Internet Security Systems X-Force Database: HP Tru64 UNIX /bin/su buffer overflow.
• IBM Internet Security Systems X-Force Database: SunRPC xdr_array buffer overflow.
• Strategic Reconnaissance Team Security Advisory(SRT2002-09): Compaq Tru64 Unix Mulitple Buffer Overflows. (From Neohapsis archive)
• BID-5599: HP Tru64 UNIX Multiple Local and Remote Buffer Overflow Vulnerabilities
• BID-5647: HP Tru64 NLSPATH Environment Variable Local Buffer Overflow Vulnerability
• BID-7720: CDE DTSession Unspecified Privilege Escalation Vulnerability
• CVE-2002-1604: Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
• CVE-2002-1605: Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows attackers to execute arbitrary code via a long _XKB_CHARSET environment variable to (1) dxpause, (2) dxconsole, or (3) dtsession.
• CVE-2002-1606: Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to gain privileges via (1) lpc, (2) lpd, (3) lpq, (4) lpr, or (5) lprm.
• CVE-2002-1607: Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to execute arbitrary code.
• CVE-2002-1608: Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to execute arbitrary code.
• CVE-2002-1609: Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.
• CVE-2002-1611: Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.
• CVE-2002-1612: Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.
• CVE-2002-1613: Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.
• CVE-2002-1614: Buffer overflow in HP Tru64 UNIX allows local users to execute arbitrary code via a long argument to /usr/bin/at.
• CVE-2002-1615: Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to execute arbitrary code via (1) msgchk or (2) .upd..loader.
• US-CERT VU#115731: HP Tru64 UNIX quot contains buffer overflow (SSRT2191)
• US-CERT VU#158499: HP Tru64 UNIX csh contains buffer overflow (SSRT2275)
• US-CERT VU#173977: HP Tru64 UNIX ps contains buffer overflow (SSRT2256)
• US-CERT VU#293305: HP Tru64 UNIX lprm contains buffer overflow (SSRT2260)
• US-CERT VU#408771: HP Tru64 UNIX mailcv contains buffer overflow (SSRT2193)
• US-CERT VU#416427: HP Tru64 UNIX deliver contains buffer overflow (SSRT2275)
• US-CERT VU#435611: HP Tru64 UNIX at contains buffer overflow (SSRT2189)
• US-CERT VU#437899: HP Tru64 UNIX uux contains buffer overflow (SSRT2275)
• US-CERT VU#448987: HP Tru64 UNIX uucp contains buffer overflow (SSRT2275)
• US-CERT VU#506441: HP Tru64 UNIX .upd..loader contains buffer overflow (SSRT2275)
• US-CERT VU#531355: HP Tru64 UNIX rdist contains buffer overflow (SSRT2275)
• US-CERT VU#557481: HP Tru64 UNIX lpq contains buffer overflow (SSRT2275)
• US-CERT VU#567963: HP Tru64 UNIX imapd contains buffer overflow (SSRT2275)
• US-CERT VU#584243: HP Tru64 UNIX dtsession contains buffer overflow (SSRT2282)
• US-CERT VU#592515: HP Tru64 UNIX inc contains buffer overflow (SSRT2275)
• US-CERT VU#602009: HP Tru64 UNIX binmail contains buffer overflow (SSRT0796U)
• US-CERT VU#629289: HP Tru64 UNIX traceroute contains buffer overflow (SSRT2261)
• US-CERT VU#651377: HP Tru64 UNIX "lpr" contains buffer overflow (SSRT2275)
• US-CERT VU#693803: HP Tru64 UNIX dxpause contains buffer overflow (SSRT2275)
• US-CERT VU#706817: HP Tru64 UNIX ypmatch contains buffer overflow (SSRT2277)
• US-CERT VU#846307: HP Tru64 UNIX dxsysinfo contains buffer overflow (SSRT2275)
• US-CERT VU#955065: HP Tru64 UNIX lpd contains buffer overflow (SSRT2275)
• US-CERT VU#965097: HP Tru64 UNIX lpc contains buffer overflow (SSRT2260)

Platforms Affected:

• Compaq Tru64 4.0f
• Compaq Tru64 4.0g
• Compaq Tru64 5.0a
• Compaq Tru64 5.1
• Compaq Tru64 5.1a
• HP HP-UX 10.20
• HP HP-UX 11.00
• HP HP-UX 11.04
• HP HP-UX 11.11
• HP HP-UX 11.22

Reported:

Aug 31, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page