CERTA-2002-AVI-179

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité de l'appel système ptrace permet de réaliser un déni de service.

Description

L'appel système ptrace permet l'observation et le contrôle d'un processus. Il permet également d'examiner et de modifier son image mémoire et ses registres.

Selon HP, en exploitant une vulnérabilité de cet appel système, un utilisateur mal intentionné peut provoquer un déni de service sur le système.

Cette vulnérabilité n'est exploitable qu'en local.

Solution

Appliquer le correctif correspondant à la version de HP-UX :

  • HP-UX 11.00 : PHKL_27180
  • HP-UX 11.04 : PHKL_27536
  • HP-UX 11.11 : PHKL_27179

HP-UX versions 11.00, 11.04 et 11.11.

Impacted products
Vendor Product Description
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eHP-UX versions 11.00, 11.04 et 11.11.\u003c/P\u003e",
  "content": "## Description\n\nL\u0027appel syst\u00e8me ptrace permet l\u0027observation et le contr\u00f4le d\u0027un\nprocessus. Il permet \u00e9galement d\u0027examiner et de modifier son image\nm\u00e9moire et ses registres.\n\nSelon HP, en exploitant une vuln\u00e9rabilit\u00e9 de cet appel syst\u00e8me, un\nutilisateur mal intentionn\u00e9 peut provoquer un d\u00e9ni de service sur le\nsyst\u00e8me.\n\nCette vuln\u00e9rabilit\u00e9 n\u0027est exploitable qu\u0027en local.\n\n## Solution\n\nAppliquer le correctif correspondant \u00e0 la version de HP-UX :\n\n-   HP-UX 11.00 : PHKL_27180\n-   HP-UX 11.04 : PHKL_27536\n-   HP-UX 11.11 : PHKL_27179\n",
  "cves": [],
  "links": [
    {
      "title": "Avis de s\u00e9curit\u00e9 HP HPSBUX0208-206 et correctifs :",
      "url": "http://itrc.hp.com"
    }
  ],
  "reference": "CERTA-2002-AVI-179",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2002-08-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 de l\u0027appel syst\u00e8me \u003cspan class=\"textit\"\u003eptrace\u003c/span\u003e\npermet de r\u00e9aliser un d\u00e9ni de service.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de l\u0027appel syst\u00e8me ptrace sous HP-UX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de securit\u00e9 HP HPSBUX0208-206",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.