{"vuid":"VU#647438","idnumber":"647438","name":"HP-UX FTP daemon is vulnerable to a buffer overflow","keywords":["HP-UX","buffer overflow","FTP daemon","/etc/inetd.conf","-v switch","debug logging"],"overview":"The HP-UX FTP daemon (ftpd) contains a buffer overflow that may allow an unauthenticated, remote attacker to execute arbitrary code.","clean_desc":"The HP-UX FTP daemon (ftpd) is vulnerable to a buffer overflow when the FTP daemon is configured to log debugging information. Debug logging is enabled if the -v flag is present next to the ftpd entry in the inetd.conf (/etc/inetd.conf) configuration file. If an unauthenticated remote attacker supplies the FTP daemon with a specially crafted command, they may be able to trigger a stack-based buffer overflow. Please note that the debug logging option is disabled by default.","impact":"If an unauthenticated, remote attacker supplies the FTP daemon with a specially crafted command, that attacker may be able to execute arbitrary code with the privileges of the FTP daemon, typically root.","resolution":"Apply Patch HP has released the following patches to correct this issue: HP-UX B.11.00: PHNE_29460\nHP-UX B.11.04: PHNE_31034\nHP-UX B.11.11: PHNE_29461\nHP-UX B.11.22: PHNE_29462 HP customers are encouraged to go to the lT Resource Center to download these patches.","workarounds":"Disable Debug Logging The debug logging option is disabled by default. However, if it is enabled, disable it by removing the -v option from the ftpd command within the service inetd.conf configuration file.","sysaffected":"","thanks":"This vulnerability was reported by iDEFENSE Security.","author":"This document was written by Jeff Gennari.","public":["http://www.idefense.com/application/poi/display?id=175&type=vulnerabilities","http://secunia.com/advisories/13608/","http://securitytracker.com/alerts/2004/Dec/1012650.html"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-12-22T15:37:16Z","publicdate":"2004-12-21T00:00:00Z","datefirstpublished":"2005-02-25T16:50:19Z","dateupdated":"2005-02-25T16:50:36Z","revision":58,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"4","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"12","cam_impact":"17","cam_easeofexploitation":"5","cam_attackeraccessrequired":"10","cam_scorecurrent":"3.4425","cam_scorecurrentwidelyknown":"4.39875","cam_scorecurrentwidelyknownexploited":"8.22375","ipprotocol":"","cvss_accessvector":"--","cvss_accesscomplexity":"--","cvss_authentication":null,"cvss_confidentialityimpact":"--","cvss_integrityimpact":"--","cvss_availabilityimpact":"--","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"0","cvss_basevector":"AV:--/AC:--/Au:--/C:--/I:--/A:--","cvss_temporalscore":"0","cvss_environmentalscore":"0","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":3.4425,"vulnote":null}