Security Bug in Legacy Unix HP-UX

Aug 10, 2007

Jan Rähm

A security bug has been discovered in Hewlett Packard's HP-UX Unix version; there are no plans to remove it.

Security researchers iDefense disclosed that attackers can exploit a buffer overflow bug in the "ldcconn" module to execute arbitrary code. The module is part of the "HP Controller for Cisco Local Director" configuration tool and runs on TCP port 17781 via "inetd". An attacker can provoke a buffer overflow by sending an overly long command string to this port.

The bug affects HP-UX Version 11.x systems sold after the year 2000. According to HP there are no plans to remove the bug as the HP controller is no longer maintained. Administrators are advised to use other configuration tools or migrate to a more recent system.

News

Password Management Services Vulnerable to Attack

Should you trust an online service to store your online passwords?
New Raspberry Pi Adds Two USB Ports

New B+ board lets you build cool things without the complication of a powered USB hub.
Microsoft Grabs No-IP.com Domains

Redmond rushes in to root out alleged malware haven.
Firefox Steps into 3D

New initiative will bring futuristic virtual reality effects to the web surfing experience.
New Trojan Targets Online Banking

Dyreza malware launches a man-in-the-middle attack that compromises SSL.
HP Rolls Out Massive Cloud Network

New cloud combines worldwide access with local attention to data security.
New Attack Targets Wireless Logins

A first cousin of the recent Heartbleed attack affects EAP-based wireless and peer-to-peer authentication.
Geeks Petition for Free Lenovo BIOS

FOSS community acts to protect freedom of choice for laptop devices.
Firefox Says Yes to DRM

Quintessential open source browser shores up its market share with a step toward the proprietary dark side.
Webcam Hijackers Busted

Authorities in 16 countries take action against users of the imfamous BlackShades malware tool.