Vigil@nce: HP-UX, denial of service via thread
December 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A remote attacker can create a denial of service in a
multi-threaded service.
– Severity: 2/4
– Creation date: 07/12/2010
DESCRIPTION OF THE VULNERABILITY
The dup2() function duplicates a file descriptor.
HP announced that multi-threaded processes are not correctly
managed by HP-UX. Technical details are unknown. It may be related
to a dup2() implementation error.
Moreover, HP announced that this denial of service can be
exploited remotely (may be via a listening service).
A remote attacker can therefore create a denial of service in a
multi-threaded service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/HP-UX-denial-of-service-via-thread-10180