CERTA-2002-AVI-179
Vulnerability from certfr_avis

Une vulnérabilité de l'appel système ptrace permet de réaliser un déni de service.

Description

L'appel système ptrace permet l'observation et le contrôle d'un processus. Il permet également d'examiner et de modifier son image mémoire et ses registres.

Selon HP, en exploitant une vulnérabilité de cet appel système, un utilisateur mal intentionné peut provoquer un déni de service sur le système.

Cette vulnérabilité n'est exploitable qu'en local.

Solution

Appliquer le correctif correspondant à la version de HP-UX :

  • HP-UX 11.00 : PHKL_27180
  • HP-UX 11.04 : PHKL_27536
  • HP-UX 11.11 : PHKL_27179

HP-UX versions 11.00, 11.04 et 11.11.

Impacted products
Vendor Product Description
References

Show details on source website


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eHP-UX versions 11.00, 11.04 et 11.11.\u003c/P\u003e",
  "content": "## Description\n\nL\u0027appel syst\u00e8me ptrace permet l\u0027observation et le contr\u00f4le d\u0027un\nprocessus. Il permet \u00e9galement d\u0027examiner et de modifier son image\nm\u00e9moire et ses registres.\n\nSelon HP, en exploitant une vuln\u00e9rabilit\u00e9 de cet appel syst\u00e8me, un\nutilisateur mal intentionn\u00e9 peut provoquer un d\u00e9ni de service sur le\nsyst\u00e8me.\n\nCette vuln\u00e9rabilit\u00e9 n\u0027est exploitable qu\u0027en local.\n\n## Solution\n\nAppliquer le correctif correspondant \u00e0 la version de HP-UX :\n\n-   HP-UX 11.00 : PHKL_27180\n-   HP-UX 11.04 : PHKL_27536\n-   HP-UX 11.11 : PHKL_27179\n",
  "cves": [],
  "initial_release_date": "2002-08-19T00:00:00",
  "last_revision_date": "2002-08-19T00:00:00",
  "links": [
    {
      "title": "Avis de s\u00e9curit\u00e9 HP HPSBUX0208-206 et correctifs :",
      "url": "http://itrc.hp.com"
    }
  ],
  "reference": "CERTA-2002-AVI-179",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2002-08-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 de l\u0027appel syst\u00e8me \u003cspan class=\"textit\"\u003eptrace\u003c/span\u003e\npermet de r\u00e9aliser un d\u00e9ni de service.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de l\u0027appel syst\u00e8me ptrace sous HP-UX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de securit\u00e9 HP HPSBUX0208-206",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…