Vigil@nce: HP-UX, denial of service via ELF
December 2008 by Vigil@nce
A local attacker can run a malicious program in order to stop the
system.
– Gravity: 1/4
– Consequences: denial of service of computer
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 03/12/2008
IMPACTED PRODUCTS
– Hewlett-Packard HP-UX
DESCRIPTION
The ELF (Executable and Linking Format) format is used by
executable programs. The execve() system call loads ELF files and
starts their execution.
However, if the file is malformed, an error occurs in execve() and
panics the kernel.
A local attacker can therefore run a malicious program in order to
stop the system.
CHARACTERISTICS
– Identifiers: c01615952, CVE-2008-4416, HPSBUX02389, SSRT080141,
VIGILANCE-VUL-8282
– Url: http://vigilance.fr/vulnerability/8282