Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P
Vendors Products
Hp
  • Tru64
  • Hp-ux

Configuration 1 [-]

OR cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*
cpe:2.3:o:hp:tru64:4.0f:*:*:*:*:*:*:*
cpe:2.3:o:hp:tru64:4.0g:*:*:*:*:*:*:*
cpe:2.3:o:hp:tru64:5.0a:*:*:*:*:*:*:*
cpe:2.3:o:hp:tru64:5.1:*:*:*:*:*:*:*
cpe:2.3:o:hp:tru64:5.1a:*:*:*:*:*:*:*
References
Link Resource
http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_nlspath.txt Exploit
http://www.kb.cert.org/vuls/id/158499 Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/416427 Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/437899 Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/448987 Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/531355 Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/567963 Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/584243 Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/592515 Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/846307 Third Party Advisory US Government Resource
http://www.securityfocus.com/archive/1/290115
http://www.securityfocus.com/bid/5647
https://exchange.xforce.ibmcloud.com/vulnerabilities/10016
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-03-25T05:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2005-03-25T00:00:00

Link: CVE-2002-1604

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2002-09-02T04:00:00.000

Modified: 2017-07-11T01:29:16.243

Link: CVE-2002-1604

JSON object: View

cve-icon Redhat Information

No data.

CWE