Vulnerability Name:

CVE-2000-0005 (CCN-3881)

Assigned:1999-01-02
Published:1999-01-02
Updated:2018-05-03
Summary:HP-UX aserver program allows local users to gain privileges via a symlink attack.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Sun Jan 02 2000 - 14:49:49 CST
HPUX Aserver revisited.

Source: MITRE
Type: CNA
CVE-2000-0005

Source: MITRE
Type: CNA
CVE-2000-0077

Source: MITRE
Type: CNA
CVE-2000-0078

Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBUX0001-108
Security Vulnerability in Aserver (revised)

Source: CCN
Type: CIAC Information Bulletin K-014
HP-UX Aserver Vulnerability

Source: CCN
Type: OSVDB ID: 9609
HP-UX aserver -f Argument last_uuid Symlink Privilege Escalation

Source: CCN
Type: OSVDB ID: 9610
HP-UX 1998 aserver Path Subversion Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 9611
HP-UX 1999 aserver Path Subversion Local Privilege Escalation

Source: CCN
Type: BID-1928
HP-UX Aserver /tmp/null Symbolic Link Vulnerability

Source: CCN
Type: BID-1929
HP-UX Aserver PATH Vulnerability

Source: CCN
Type: BID-1930
HP-UX Aserver /tmp/last_uuid Symbolic Link Vulnerability

Source: XF
Type: UNKNOWN
hp-aserver(3881)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5635

Vulnerable Configuration:Configuration 1:
  • cpe:/o:hp:hp-ux:7.00:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:7.02:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:7.06:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:7.08:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:8.00:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:8.01:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:8.02:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:8.04:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:8.05:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:8.06:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:8.07:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:8.08:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:8.09:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:9.00:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:9.01:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:9.03:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:9.04:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:9.05:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:9.06:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:9.07:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:9.08:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:9.09:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:9.10:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.00:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.01:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.08:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.09:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.10:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.16:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.24:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.30:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.34:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:hp:aserver:*:*:*:*:*:*:*:*
  • OR cpe:/h:hp:9000:7_800:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:hp:hp-ux:10.00:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.09:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.01:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.10:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.30:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.16:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.04:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.24:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.26:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.20:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.22:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.23:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11i:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.31:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.02:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.03:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.08:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.34:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.10:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.2:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:5635
    V
    		/opt/audio/bin/Aserver can be used to gain root access.
    2008-08-25
    BACK
    hp hp-ux 7.00
    hp hp-ux 7.02
    hp hp-ux 7.04
    hp hp-ux 7.06
    hp hp-ux 7.08
    hp hp-ux 8.00
    hp hp-ux 8.01
    hp hp-ux 8.02
    hp hp-ux 8.04
    hp hp-ux 8.05
    hp hp-ux 8.06
    hp hp-ux 8.07
    hp hp-ux 8.08
    hp hp-ux 8.09
    hp hp-ux 9.00
    hp hp-ux 9.01
    hp hp-ux 9.03
    hp hp-ux 9.04
    hp hp-ux 9.05
    hp hp-ux 9.06
    hp hp-ux 9.07
    hp hp-ux 9.08
    hp hp-ux 9.09
    hp hp-ux 9.10
    hp hp-ux 10.00
    hp hp-ux 10.01
    hp hp-ux 10.08
    hp hp-ux 10.09
    hp hp-ux 10.10
    hp hp-ux 10.16
    hp hp-ux 10.20
    hp hp-ux 10.24
    hp hp-ux 10.30
    hp hp-ux 10.34
    hp hp-ux 11.00
    hp aserver *
    hp 9000 7_800
    hp hp-ux 10.00
    hp hp-ux 10.09
    hp hp-ux 10.01
    hp hp-ux 10.10
    hp hp-ux 11.00
    hp hp-ux 10.20
    hp hp-ux 10.30
    hp hp-ux 10.16
    hp hp-ux 11.04
    hp hp-ux 11.11
    hp hp-ux 10.24
    hp hp-ux 10.26
    hp hp-ux 11.20
    hp hp-ux 11.22
    hp hp-ux 11.23
    hp hp-ux 11.11i
    hp hp-ux 11.31
    hp hp-ux 10.02
    hp hp-ux 10.03
    hp hp-ux 10.08
    hp hp-ux 10.34
    hp hp-ux 11.0.4
    hp hp-ux 11.10
    hp hp-ux 11.2
    hp hp-ux 11.4