VULHUB ™

HP-UX contains a vulnerability in it's implementation of setrlimit(). After a setuid process drops privileges, limits placed core file generation via setrlimit() are not enforced. If an attacker causes the process to dump core, it will, even if the size is greater than that set as the limit. An attacker could exploit this to create core files that consume excessive disk space. It may also be possible to attach to setuid processes that have dropped privileges with a debugger. If this is possible, attackers may be able to read memory contents and access possibly sensitive information. This is not yet verified and may warrant an independent vulnerability database record.

HP-UX contains a vulnerability in it's implementation of setrlimit(). After a setuid process drops privileges, limits placed core file generation via setrlimit() are not enforced. If an attacker causes the process to dump core, it will, even if the size is greater than that set as the limit. An attacker could exploit this to create core files that consume excessive disk space. It may also be possible to attach to setuid processes that have dropped privileges with a debugger. If this is possible, attackers may be able to read memory contents and access possibly sensitive information. This is not yet verified and may warrant an independent vulnerability database record.