If HP-UX is used on systems in connection with the Telnet network protocol for remote access, attackers could attack PCs with malicious code. A version secured against this is available.
In a warning message, Hewlett Packard Enterprise (HPE) advises a speedy update. The vulnerability (CVE-2020-10188) is identified as “criticalAccording to HPE, only HP-UX 11.31 PHNE_42509 – telnetd patch 11.32 is affected. To receive a security update, admins must contact support.
Remote attackers should be able to use “short write processes” on the telntd daemon to trigger a memory error (buffer overflow). What such an attack looks like in concrete terms is not yet known.
(from)
