Security Bug in Legacy Unix HP-UX

Aug 10, 2007

Jan Rähm

A security bug has been discovered in Hewlett Packard's HP-UX Unix version; there are no plans to remove it.

Security researchers iDefense disclosed that attackers can exploit a buffer overflow bug in the "ldcconn" module to execute arbitrary code. The module is part of the "HP Controller for Cisco Local Director" configuration tool and runs on TCP port 17781 via "inetd". An attacker can provoke a buffer overflow by sending an overly long command string to this port.

The bug affects HP-UX Version 11.x systems sold after the year 2000. According to HP there are no plans to remove the bug as the HP controller is no longer maintained. Administrators are advised to use other configuration tools or migrate to a more recent system.

Related content

Rdesktop: Remote Control with Security Holes

Security researchers iDefense have disclosed three vulnerabilities in the Rdesktop Remote Client.

more »
Advisory Check 2.20 with More Feeds and HP-UX

Advisory Check (advchk), a small tool for monitoring installed software security, is now available in version 2.20. It has extended its source feeds and is now supported on HP-UX.

more »
Lynis Shell Skript Checks Unix Security

The first step towards improving a system's security, is discovering the status quo. Lynis, a small command line program helps users do so.

more »
Vulnerabilities in Xine-Lib and Mplayer

Vulnerabilities have been discovered in two major media players for Linux. A Xine-Lib vulnerability also affects Mplayer.

more »
Holes in Firewall-1

Spanish security researchers have discovered several vulnerabilities in the "Firewall-1" security solution by software vendor Checkpoint, and are now questioning its Common Criteria EAL4+ certification.

more »

comments powered by Disqus

Issue 30: Getting Started with Linux/Special Editions

Buy this issue as a PDF

Digital Issue: Price $15.99

(incl. VAT)

DevOps

Reinvent your network with DevOps tools and techniques:

Opportunities and Risks: Containers for DevOps
Automated Builds Using CentOS 7 and Kickstart
Elasticsearch, Logstash, and Kibana – The ELK stack
Are you ready for DevOps? Try your luck with the beta version of Linux Professional Institute's new DevOps exam.

News

Linux Comes to Windows

Run multiple Linux distributions in Windows 10.
Docker Embraces Kubernetes

Docker , Kubernetes , orchestration

Docker is now offering Kubernetes as an orchestration platform.
Kubernetes 1.8 Announced

The new release comes with two new features for better security.
Final Ubuntu Desktop 17.10 Beta Arrives

Community , Desktop

Ubuntu completes the cycle of life and goes back to letter A and Gnome.
Linus Torvalds Invites Attackers to Join the Kernel Community

He wants attackers to join the community instead of attacking the code.
Oracle Donating Java EE to the Eclipse Foundation

Oracle is recommending a new name for the Java Enterprise Edition platform.
Reddit Closing Doors to Open Source

The peanut gallery of the Internet is closing its open source repository.
Largest Open Source Summit to Date Around the Corner

LinuxCon is now Open Source Summit.
Gnome is Celebrating it’s 20th Birthday

Gnome

More than 33 releases since the first release of Gnome.
SQL Server Comes to RHEL; OpenShift Comes to Azure

Microsoft and Red Hat expand their partnership.