A remotely exploitable buffer overflow has been detected in HP-UX servers running the telnetd remote access daemon, which could crash the server or allow an intruder to gain root access. The security hole is unique to HP-UX releases 10.X.
The US Computer Incident Advisory Capability (CIAC) has released a high-risk security bulletin about the exploit. The report warns that the vulnerability could allow a hacker to execute arbitrary code with the privileges of the telnetd process.
"Although this vulnerability only applies to some versions of HP-UX, this is not a miniscule market share, as this is one of HP's biggest products," said Graham Cluley, senior technology consultant at the antivirus company Sophos.
The buffer overflow is derived from BSD UNIX source code, and was originally discovered in July. HP this week advised customers running telnetd to install the appropriate patch from its Web site. HP spokespeople were not immediately available for comment.
See ZDNet UK's Enterprise Channel for full coverage.
Have your say instantly, and see what others have said. Click on the TalkBack button and go to the ZDNet news forum.