| Vulnerability Name: | CVE-2000-0515 (CCN-1438) | ||||||||
| Assigned: | 1998-11-17 | ||||||||
| Published: | 1998-11-17 | ||||||||
| Updated: | 2017-10-10 | ||||||||
| Summary: | The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges. | ||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: MITRE Type: CNA CVE-2000-0147 Source: MITRE Type: CNA CVE-2000-0379 Source: MITRE Type: CNA CVE-2000-0515 Source: MITRE Type: CNA CVE-2001-0046 Source: MITRE Type: CNA CVE-2001-0380 Source: MITRE Type: CNA CVE-2001-1210 Source: MITRE Type: CNA CVE-2002-0478 Source: MITRE Type: CNA CVE-2002-0540 Source: MITRE Type: CNA CVE-2002-0812 Source: CCN Type: US-CERT VU#403315 Nortel Networks CVX 1800 discloses privileged information Source: CCN Type: BID-1177 Netopia DSL Router Vulnerability Source: BID Type: UNKNOWN 1327 Source: CCN Type: BID-1327 HP SNMPD File Permission Vulnerabilities Source: CCN Type: BID-2066 Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability Source: CCN Type: BID-3758 Cisco Cable Access Router MIB Community Default Passwords Vulnerability Source: CCN Type: BID-4330 Foundry Networks EdgeIron SNMP Community String Read-Write Vulnerability Source: CCN Type: BID-4331 ISS RealSecure for Nokia IDS Devices Default KeyAdministrator Entry Vulnerability Source: CCN Type: BID-4507 Nortel CVX 1800 Multi-Service Access Switch Default SNMP Community Vulnerability Source: CCN Type: BID-5436 Orinoco OEM Residential Gateway SNMP Community String Remote Configuration Vulnerability Source: CCN Type: BID-973 SCO OpenServer SNMPD Default Community Vulnerability Source: BUGTRAQ Type: UNKNOWN 20000607 [ Hackerslab bug_paper ] HP-UX SNMP daemon vulnerability Source: BUGTRAQ Type: UNKNOWN 20000608 Re: HP-UX SNMP daemon vulnerability Source: XF Type: UNKNOWN snmp-kill-interface(1438) Source: XF Type: UNKNOWN hpux-snmp-daemon(4643) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Vulnerability Name: | CVE-2000-0515 (CCN-4643) | ||||||||
| Assigned: | 2000-06-07 | ||||||||
| Published: | 2000-06-07 | ||||||||
| Updated: | 2000-06-07 | ||||||||
| Summary: | HP-UX stores SNMP settings in a world-writable file (snmpd.conf). An unauthorized user could use this to view and alter the SNMP daemon settings, and possibly gain root access to the system. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Consequences: | Other | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Wed Jun 07 2000 - 00:11:48 CDT [ Hackerslab bug_paper ] HP-UX SNMP daemon vulnerability Source: CCN Type: BugTraq Mailing List, Fri Jun 09 2000 - 01:40:02 CDT Re: HP-UX SNMP daemon vulnerability Source: MITRE Type: CNA CVE-2000-0515 Source: CCN Type: BID-1327 HP SNMPD File Permission Vulnerabilities Source: XF Type: UNKNOWN hpux-snmp-daemon(4643) | ||||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||