ID CVE-2004-1332
Summary Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.
References
Vulnerable Configurations
  • HP HP-UX 10.01
    cpe:2.3:o:hp:hp-ux:10.01
  • HP HP-UX 10.10
    cpe:2.3:o:hp:hp-ux:10.10
  • HP HP-UX 10.20
    cpe:2.3:o:hp:hp-ux:10.20
  • HP HP-UX 10.24
    cpe:2.3:o:hp:hp-ux:10.24
  • HP-UX 11.00
    cpe:2.3:o:hp:hp-ux:11.00
  • HP HP-UX 11.4
    cpe:2.3:o:hp:hp-ux:11.4
  • HP-UX 11.11
    cpe:2.3:o:hp:hp-ux:11.11
  • HP HP-UX 11.11i
    cpe:2.3:o:hp:hp-ux:11.11i
  • HP-UX 11i v1.6
    cpe:2.3:o:hp:hp-ux:11.22
  • HP-UX 11i v2
    cpe:2.3:o:hp:hp-ux:11.23
  • HP hp-ux series 700 10.20
    cpe:2.3:o:hp:hp-ux_series_700:10.20
  • HP hp-ux series 800 10.20
    cpe:2.3:o:hp:hp-ux_series_800:10.20
  • cpe:2.3:o:hp:sis
    cpe:2.3:o:hp:sis
  • HP VVOS 10.24
    cpe:2.3:o:hp:vvos:10.24
  • HP VVOS 11.04
    cpe:2.3:o:hp:vvos:11.04
CVSS
Base: 7.5 (as of 20-06-2005 - 15:50)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_23950.NASL
    description s700_800 11.11 ftpd(1M) patch : ftpd and ftp incorrectly manage buffers.
    last seen 2018-09-02
    modified 2013-04-20
    plugin id 16576
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16576
    title HP-UX PHNE_23950 : HP-UX Running ftp and ftpd, Remote Unauthorized Access (HPSBUX00162 SSRT4883 rev.4)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_29462.NASL
    description s700_800 11.22 ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential vulnerability has been identified with HP-UX running ftpd where the vulnerability could be exploited to allow a remote authorized user unauthorized access to files. (HPSBUX01119 SSRT4694) - A potential security vulnerability has been identified with HP-UX running ftp where the vulnerability could be exploited remotely to allow unauthorized access. (HPSBUX01050 SSRT3456) - The wu-ftpd program is potentially vulnerable to a buffer overflow. (HPSBUX00277 SSRT3606) - A potential security vulnerability has been identified with HP-UX running ftpd, where a buffer overflow in ftpd could be remotely exploited to allow an unauthorized user to gain privileged access. (HPSBUX01118 SSRT4883) - A potential vulnerability has been identified with HP-UX running wu-ftpd with the restricted gid option enabled where the vulnerability could be exploited by a local user to gain unauthorized access to files. (HPSBUX01059 SSRT4704)
    last seen 2019-02-21
    modified 2016-01-14
    plugin id 16907
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16907
    title HP-UX PHNE_29462 : s700_800 11.22 ftpd(1M) and ftp(1) patch
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_29460.NASL
    description s700_800 11.00 ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running ftp where the vulnerability could be exploited remotely to allow unauthorized access. (HPSBUX01050 SSRT3456) - A potential security vulnerability has been identified with HP-UX running ftpd, where a buffer overflow in ftpd could be remotely exploited to allow an unauthorized user to gain privileged access. (HPSBUX01118 SSRT4883) - The wu-ftpd program is potentially vulnerable to a buffer overflow. (HPSBUX00277 SSRT3606)
    last seen 2019-02-21
    modified 2016-01-14
    plugin id 16909
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16909
    title HP-UX PHNE_29460 : s700_800 11.00 ftpd(1M) and ftp(1) patch
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_31034.NASL
    description s700_800 11.04 (VVOS) ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running ftpd, where a buffer overflow in ftpd could be remotely exploited to allow an unauthorized user to gain privileged access. (HPSBUX01118 SSRT4883) - A potential security vulnerability has been identified with HP-UX running ftp where the vulnerability could be exploited remotely to allow unauthorized access. (HPSBUX01050 SSRT3456)
    last seen 2019-02-21
    modified 2013-04-20
    plugin id 16971
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16971
    title HP-UX PHNE_31034 : s700_800 11.04 (VVOS) ftpd(1M) and ftp(1) patch
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_23949.NASL
    description s700_800 11.00 ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited by a remote unauthenticated user to list directories with the privileges of the root user. (HPSBUX02071 SSRT051064) - ftpd and ftp incorrectly manage buffers. (HPSBUX00162 SSRT4883)
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 16577
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16577
    title HP-UX PHNE_23949 : s700_800 11.00 ftpd(1M) and ftp(1) patch
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_29461.NASL
    description s700_800 11.11 ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - The wu-ftpd program is potentially vulnerable to a buffer overflow. (HPSBUX00277 SSRT3606) - A potential security vulnerability has been identified with HP-UX running ftpd, where a buffer overflow in ftpd could be remotely exploited to allow an unauthorized user to gain privileged access. (HPSBUX01118 SSRT4883) - A potential security vulnerability has been identified with HP-UX running ftp where the vulnerability could be exploited remotely to allow unauthorized access. (HPSBUX01050 SSRT3456)
    last seen 2019-02-21
    modified 2016-01-14
    plugin id 16908
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16908
    title HP-UX PHNE_29461 : s700_800 11.11 ftpd(1M) and ftp(1) patch
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_24395.NASL
    description s700_800 11.04 (VVOS) ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited by a remote unauthenticated user to list directories with the privileges of the root user. (HPSBUX02071 SSRT051064) - ftpd and ftp incorrectly manage buffers. (HPSBUX00162 SSRT4883)
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 16931
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16931
    title HP-UX PHNE_24395 : s700_800 11.04 (VVOS) ftpd(1M) and ftp(1) patch
oval via4
accepted 2014-03-24T04:01:45.272-04:00
class vulnerability
contributors
  • name Michael Wood
    organization Hewlett-Packard
  • name Sushant Kumar Singh
    organization Hewlett-Packard
description Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.
family unix
id oval:org.mitre.oval:def:5701
status accepted
submitted 2008-07-08T17:01:37.000-04:00
title HP-UX ftpd, Remote Privileged Access
version 36
refmap via4
bid 12077
cert-vn VU#647438
hp
  • HPSBUX01118
  • SSRT4883
idefense 20041221 Hewlett Packard HP-UX ftpd Remote Buffer Overflow Vulnerability
sectrack 1012650
secunia 13608
xf hp-ftpd-bo(18636)
Last major update 17-10-2016 - 22:53
Published 31-12-2004 - 00:00
Last modified 10-10-2017 - 21:29
Back to Top