CVE Details for CVE: CVE-2002-1616
Summary
Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to gain root privileges via (1) su, (2) chsh, (3) passwd, (4) chfn, (5) dxchpwd, and (6) libc.
| Timestamps | |
|---|---|
| Last major update | 11-07-2017 - 01:29 |
| Published | 01-08-2002 - 04:00 |
| Last modified | 11-07-2017 - 01:29 |
References
- http://www.securityfocus.com/archive/1/290115
- http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_su.txt
- http://www.kb.cert.org/vuls/id/193347
- http://www.kb.cert.org/vuls/id/671627
- http://www.kb.cert.org/vuls/id/864083
- http://www.kb.cert.org/vuls/id/177067
- http://www.kb.cert.org/vuls/id/137555
- http://www.securityfocus.com/bid/5379
- http://www.securityfocus.com/bid/5380
- http://www.securityfocus.com/bid/5381
- http://www.securityfocus.com/bid/5382
- http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
- http://archives.neohapsis.com/archives/tru64/2002-q3/0019.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11620
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10614
Vulnerable Configurations
-
cpe:2.3:o:hp:tru64:5.1:*:*:*:*:*:*:*
cpe:2.3:o:hp:tru64:5.1:*:*:*:*:*:*:*
-
cpe:2.3:o:hp:tru64:5.1af:*:*:*:*:*:*:*
cpe:2.3:o:hp:tru64:5.1af:*:*:*:*:*:*:*
-
cpe:2.3:o:hp:tru64:4.0g:*:*:*:*:*:*:*
cpe:2.3:o:hp:tru64:4.0g:*:*:*:*:*:*:*
-
cpe:2.3:o:hp:tru64:5.0a:*:*:*:*:*:*:*
cpe:2.3:o:hp:tru64:5.0a:*:*:*:*:*:*:*
-
cpe:2.3:o:hp:tru64:4.0f:*:*:*:*:*:*:*
cpe:2.3:o:hp:tru64:4.0f:*:*:*:*:*:*:*
CWE
CVSS
Base
7.2
Impact
10.0
Exploitability
3.9
Access
| Vector | Complexity | Authentication |
|---|---|---|
| LOCAL | LOW | NONE |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| COMPLETE | COMPLETE | COMPLETE |
CVSS3
None
VIA4 references
cvss-vector
via4
refmap
via4
| bid | |
| bugtraq | |
| cert-vn | |
| fulldisc | 20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification |
| hp | |
| misc | http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_su.txt |
| xf |