Skip to main content

HP-UX CDE Calendar Manager Buffer Overflow Vulnerability

Last Update Date: 11 Feb 2011 17:41 Release Date: 11 Feb 2011 6697 Views

RISK: Medium Risk

TYPE: Operating Systems - Unix

TYPE: Unix

A vulnerability has been identified in HP-UX, which could be exploited by remote attackers to take complete control of a vulnerable system. This issue is caused by a buffer overflow error in the CMSD server (rpc.cmsd) within the CDE Calendar Manager when handling malformed packets sent to port 32768/UDP, which could be exploited by remote unauthenticated attackers to execute arbitrary code via a malicious packet.


Impact

  • Remote Code Execution

System / Technologies affected

  • HP-UX B.11.23
  • HP-UX B.11.31

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • HP-UX B.11.23
    Install PHSS_41174 or subsequent

  • HP-UX B.11.31
    Install PHSS_41788 or subsequent


Vulnerability Identifier


Source


Related Link