Vigil@nce: HP-UX, denial of service of ONCplus
October 2008 by Vigil@nce
A network attacker can create a denial of service in the NFS
service of ONCplus.
– Gravity: 2/4
– Consequences: denial of service of service
– Provenance: intranet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 07/10/2008
IMPACTED PRODUCTS
– Hewlett-Packard HP-UX
DESCRIPTION
The ONCplus (Open Network Computing) product is used to share
resources on a network using following services:
– NFS
– AutoFS
– CacheFS
– NIS
A denial of service was announced in NFS. Technical details are
unknown.
A network attacker can therefore create a denial of service in the
NFS service of ONCplus.
CHARACTERISTICS
– Identifiers: BID-31607, c01570585, CVE-2008-3543, HPSBUX02375,
SSRT080122, VIGILANCE-VUL-8153
– Url: http://vigilance.aql.fr/vulnerability/8153