You are here

U-140: HP-UX Unspecified Flaw in DCE Lets Remote Users Execute Arbitrary Code

April 4, 2012 - 7:15am

Addthis

PROBLEM:

A vulnerability was reported in HP-UX

PLATFORM:

Version(s): 11.11, 11.23; running DCE

ABSTRACT:

A remote user can execute arbitrary code on the target system. A remote user can send specially crafted data to execute arbitrary code on the target system. The code will run with the privileges of the target service.

Reference LINKS:

Vendor Advisory
Security Tracker ID 1026885
CVE-2012-0131

IMPACT ASSESSMENT:

High

Discussion:

A potential security vulnerability has been identified in HP-UX running DCE. The vulnerability could be exploited remotely to create a Denial of Service (DoS).

Impact:

Execution of arbitrary code via network, User access via network

Solution:

The vendor has issued a fix. The patch is available at HP support Center

Addthis