Vulnerability Name: | CVE-2001-0803 (CCN-7396) |
Assigned: | 2001-11-12 |
Published: | 2001-11-12 |
Updated: | 2017-10-10 |
Summary: | Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.
|
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Changed
| Impact Metrics: | Confidentiality (C): High Integrity (I): High Availibility (A): High |
|
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None | Impact Metrics: | Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete | 10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
| Impact Metrics: | Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete |
|
Vulnerability Type: | CWE-119
|
Vulnerability Consequences: | Gain Privileges |
References: | Source: CCN Type: SGI Security Advisory 20011107-01-P CDE vulnerabilities
Source: SGI Type: UNKNOWN 20011107-01-P
Source: CCN Type: SGI Security Advisory 20020302-01-A Additional CDE and CDE ToolTalk Vulnerabilities
Source: CALDERA Type: UNKNOWN CSSA-2001-SCO.30
Source: CCN Type: Caldera International, Inc. Security Advisory CSSA-2001-SCO.30 Open UNIX, UnixWare 7: DCE SPC library buffer overflow
Source: MITRE Type: CNA CVE-2001-0803
Source: CCN Type: Compaq SECURITY BULLETIN (SSRT-541) Tru64 UNIX CDE, NFS and NIS related Potential Security Vulnerabilities
Source: COMPAQ Type: UNKNOWN SSRT541
Source: CCN Type: Hewlett-Packard Company Security Bulletin HPSBUX0111-175 Sec. Vulnerability in dtspcd
Source: SUN Type: UNKNOWN 00214
Source: CCN Type: Sun Microsystems, Inc. Security Bulletin #00214 dtspcd
Source: CCN Type: CERT Advisory CA-2001-31 Buffer Overflow in CDE Subprocess Control Service
Source: CERT Type: US Government Resource CA-2001-31
Source: CCN Type: CERT Advisory CA-2002-01 Exploitation of Vulnerability in CDE Subprocess Control Service
Source: CERT Type: US Government Resource CA-2002-01
Source: CCN Type: CIAC Information Bulletin M-019 Multiple Vendor CDE dtpscd Process Buffer Overflow
Source: CCN Type: Internet Security Systems Security Alert #101 Multi-Vendor Buffer Overflow Vulnerability in CDE Subprocess Control Service
Source: CCN Type: US-CERT VU#172583 Common Desktop Environment (CDE) Subprocess Control Service dtspcd contains buffer overflow
Source: CERT-VN Type: Patch, Third Party Advisory, US Government Resource VU#172583
Source: HP Type: Patch, Vendor Advisory HPSBUX0111-175
Source: BID Type: Patch, Vendor Advisory 3517
Source: CCN Type: BID-3517 Multiple Vendor CDE dtspcd Buffer Overflow Vulnerability
Source: ISS Type: Vendor Advisory 20011112 Multi-Vendor Buffer Overflow Vulnerability in CDE Subprocess Control Service
Source: XF Type: UNKNOWN cde-dtspcd-bo(7396)
Source: XF Type: UNKNOWN cde-dtspcd-bo(7396)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:70
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:74
|
Vulnerable Configuration: | Configuration 1: cpe:/a:open_group:cde_common_desktop_environment:1.0.1:*:*:*:*:*:*:*OR cpe:/a:open_group:cde_common_desktop_environment:1.0.2:*:*:*:*:*:*:*OR cpe:/a:open_group:cde_common_desktop_environment:1.1:*:*:*:*:*:*:*OR cpe:/a:open_group:cde_common_desktop_environment:1.2:*:*:*:*:*:*:*OR cpe:/a:open_group:cde_common_desktop_environment:2.0:*:*:*:*:*:*:*OR cpe:/a:open_group:cde_common_desktop_environment:2.1:*:*:*:*:*:*:* Configuration CCN 1: cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:*AND cpe:/o:sun:sunos:5.5.1:*:*:*:*:*:*:*OR cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5:*:*:*:*:*:*:*OR cpe:/o:hp:hp-ux:10.10:*:*:*:*:*:*:*OR cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.1:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.2:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.3:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.4:*:*:*:*:*:*:*OR cpe:/o:compaq:tru64:4.0f:*:*:*:*:*:*:*OR cpe:/o:ibm:aix:4.3:*:*:*:*:*:*:*OR cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:*OR cpe:/o:hp:hp-ux:11.04:*:*:*:*:*:*:*OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*OR cpe:/o:hp:hp-ux:10.24:*:*:*:*:*:*:*OR cpe:/o:compaq:tru64:4.0g:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.7:*:*:*:*:*:*:*OR cpe:/o:ibm:aix:5.1:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.5:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.6:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.8:*:*:*:*:*:*:*OR cpe:/o:compaq:tru64:5.0a:*:*:*:*:*:*:*OR cpe:/o:compaq:tru64:5.1:*:*:*:*:*:*:*OR cpe:/o:compaq:tru64:5.1a:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.9:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.10:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.11:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.12:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.13:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.14:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.15:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.16:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.19:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.20:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.21:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.24:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.22:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.23:*:*:*:*:*:*:*OR cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.25:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.22m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.21m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.21f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.26:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.27:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.10f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.10m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.11f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.11m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.12f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.12m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.13f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.13m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.14f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.14m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.15f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.15m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.16f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.16m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.17:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.17f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.17m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.18:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.18f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.18m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.19f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.19m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.20f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.20m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.2f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.2m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.3f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.3m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.4f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.4m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.5f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.5m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.6f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.6m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.7f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.7m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.8f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.8m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.9f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.9m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5_20:*:*:*:*:*:*:*
Denotes that component is vulnerable |
Oval Definitions |
|
BACK |