HP-UX 10.20 SharedX Receiver Service DoS

From: Security Research Team (securityat_private)
Date: Fri Oct 16 1998 - 11:04:16 PDT

Next message: Aleph One: "Microsoft Security Bulletin (MS98-015)"

Previous message: SGI Security Coordinator: "IRIX Xaw library exploitable buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

__________________________________________________________

      S.A.F.E.R. Security Bulletin 981014.DOS.1.2
__________________________________________________________


TITLE     : Vulnerability in SharedX Receiver Service (recserv)
DATE      : October 14, 1998
NATURE    : Denial-of-Service
PLATFORMS : HP-UX 10.20 (possibly others)

DETAILS:

By sending specific amount of characters to SharedX Receiver Service,
remote (and local) users can perform DoS attack against HP-UX 10.20 machine.

Recserv process reaches 100% (or less, depending on CPU usage by other
processes) 3-5 minutes after attack, and has to be killed and restarted.

FIXES:

Hewlett-Packard has been notified on 03-September-1998, but patch is not
available yet.


__________________________________________________________

   S.A.F.E.R. - Security Alert For Entreprise Resources
          Copyright (c) 1998  Siam Relay Ltd.
 http://siamrelay.com/safer  ---  securityat_private
__________________________________________________________

Next message: Aleph One: "Microsoft Security Bulletin (MS98-015)"
Previous message: SGI Security Coordinator: "IRIX Xaw library exploitable buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:19:55 PDT