Vigil@nce - HP-UX: denial of service via ONCplus NFS - vulnerability bulletin CVE-2009-1421


we track for your security since 1999

resources

Vigil@nce describes vulnerabilities impacting your systems, and offers solutions to correct them.

recent vulnerabilities

tracked products

RSS feed

vulnerability

vulnerability bulletin CVE-2009-1421 HP-UX: denial of service via ONCplus NFS
Synthesis of the vulnerability

A local attacker can create a denial of service on the NFS component of ONCplus.

Severity: 1/4.
Consequences: denial of service of service.
Provenance: user shell.
Means of attack: no proof of concept, no attack.
Ability of attacker: expert (4/4).
Confidence: confirmed by the editor (5/5).
Diffusion of the vulnerable configuration: high (3/3).
Creation date: 01/07/2009.

Impacted products

HP-UX versions

Description of the vulnerability

The ONCplus (Open Network Computing) suite provides several services:
- NFS : file share
- AutoFS : automatic filesystem mounting
- etc.

A local attacker can create a denial of service on the NFS component of ONCplus.

Technical details are unknown.

Characteristics

Title: HP-UX: denial of service via ONCplus NFS
Identifiers: BID-35547, c01793493, CVE-2009-1421, HPSBUX02440, SSRT090106, VIGILANCE-VUL-8833.
Url: https://vigilance.fr/tree/1/8833

Information sources

Publications and announces
Source example: HPSBUX02440 SSRT090106 rev.1 - HP-UX Running NFS/ONCplus, Local Denial of Service (DoS)

Solutions for this vulnerability

Patch or workaround