Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

HP-UX ftpd glob() Expansion STAT Command Remote Overflow

Critical

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

A buffer overflow in FTP server in HPUX 11 and previous allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings.

Solution

Upgrade or patch according to vendor recommendations.