{"vuid":"VU#726187","idnumber":"726187","name":"HP-UX kernel specifies incorrect arguments for setrlimit()","keywords":["HP-UX","kernel","incorrect arguments","setrllimit()","kernel panic"],"overview":"A problem exists in some versions of the HP-UX kernel allowing an intruder to cause kernel panics.","clean_desc":"Certain versions of HP-UX setrlimit system call contain a vulnerability that permits an intruder to cause kernel panics or compromise the system. Quoting from HP Security Bulletin #0183: The HP-UX kernel incorrectly specifies arguements for setrlimit() and can produce unexpected panics. According to the HP bulletin, this problem affects HP 9000 series servers running HP-UX 11.11. For more information see, http://us-support2.external.hp.com/cki/bin/doc.pl/screen=ckiDisplayDocument?docId=200000059416918 Registration may be required to view this bulletin.","impact":"An intruder may be able to cause a denial of service by causing a kernel panic. Additionally, the HP bulletin says \"servers could be locally compromised,\" suggesting the ability to run arbitrary code.","resolution":"Apply patch PHKL_26233 as specified in the HP bulletin.","workarounds":"","sysaffected":"","thanks":"Our thanks to Hewlett Packard for security bulleting #0183, upon which this document is based.","author":"This document was written by Shawn V. Hernan.","public":["http://www.securityfocus.com/bid/4094","http://us-support2.external.hp.com/cki/bin/doc.pl/screen=ckiDisplayDocument?docId=200000059416918"],"cveids":["CVE-2002-0279"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-02-13T16:45:47Z","publicdate":"2002-02-12T00:00:00Z","datefirstpublished":"2002-03-28T17:48:33Z","dateupdated":"2003-12-09T14:46:27Z","revision":5,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"10","cam_impact":"18","cam_easeofexploitation":"15","cam_attackeraccessrequired":"10","cam_scorecurrent":"9.1125","cam_scorecurrentwidelyknown":"11.64375","cam_scorecurrentwidelyknownexploited":"21.76875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":9.1125,"vulnote":null}