CVE-2006-6418

Name of the Vulnerable Software and Affected Versions HP Tru64 UNIX versions 4.0F PK8, 4.0G PK4, and 5.1A PK6

Description A buffer overflow issue exists in the POSIX Threads library (libpthread) that allows local users to gain root privileges by setting a long PTHREAD CONFIG environment variable.

Recommendations For HP Tru64 UNIX version 4.0F PK8, update to a version that includes a fix for this issue. For HP Tru64 UNIX version 4.0G PK4, update to a version that includes a fix for this issue. For HP Tru64 UNIX version 5.1A PK6, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting the ability to set environment variables to prevent exploitation.