HPE Community
Operating System - HP-UX
1855409 Members
3962 Online
104110 Solutions
New Discussion

HPSBUX0010-125 Vulnerability in lpspooler

 
Jim Barden
Occasional Contributor

‎10-24-2000 07:44 AM

‎10-24-2000 07:44 AM

HPSBUX0010-125 Vulnerability in lpspooler

Can anyone tell me what actions or reasons a memory buffer overflow might occur? And what increased priviledges a user might receive?
0 Kudos
Reply
2 REPLIES 2
Kofi ARTHIABAH
Honored Contributor

‎10-24-2000 08:00 AM

‎10-24-2000 08:00 AM

Re: HPSBUX0010-125 Vulnerability in lpspooler

Everytime some sort of limit is set of a variable (or block of memory etc.) there is the possibility that if more data (or poorly formatted data) is passed to a program, it would behave eratically. In some cases, a buffer overflow may dump core or even provide a shell for malacious commands to be executed (that is really scary). If a buffer overflow occurs and a shell is provided to execute commands, the priviledges of the malacious user would be equivalent to the program that is running (so if the program is running as root, then your malacious user has root previledges - and you do not want that!)

There is an interesting write-up on How 'buffer overflow' attacks work

http://www.securityfocus.com/templates/library.html?id=2735

good luck
nothing wrong with me that a few lines of code cannot fix!
0 Kudos
Reply
CHRIS_ANORUO
Honored Contributor

‎10-24-2000 08:30 AM

‎10-24-2000 08:30 AM

Re: HPSBUX0010-125 Vulnerability in lpspooler

Download and install patch PHCO_22364 for 10.20. This Patch has addressed the problem that you are experiencing.
When We Seek To Discover The Best In Others, We Somehow Bring Out The Best In Ourselves.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.