Vulnerability Name:

CVE-2002-1604 (CCN-10016)

Assigned:2002-08-31
Published:2002-08-31
Updated:2017-07-11
Summary:Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: Strategic Reconnaissance Team Security Advisory(SRT2002-09)
Compaq Tru64 Unix Mulitple Buffer Overflows

Source: CCN
Type: BugTraq Mailing List, Thu Sep 19 2002 - 15:44:43 CDT
Re: [Full-Disclosure] iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3.

Source: CCN
Type: BugTraq Mailing List, Thu Sep 19 2002 - 16:09:41 CDT
iDEFENSE OSF1/Tru64 3.x vuln clarification

Source: BUGTRAQ
Type: UNKNOWN
20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification

Source: CCN
Type: Compaq SECURITY BULLETIN SRB0039W
HP Tru64 UNIX - Potential Buffer Overflows & SSRT2229 Potential Denial of Service

Source: MITRE
Type: CNA
CVE-2002-1604

Source: MITRE
Type: CNA
CVE-2002-1605

Source: MITRE
Type: CNA
CVE-2002-1606

Source: MITRE
Type: CNA
CVE-2002-1607

Source: MITRE
Type: CNA
CVE-2002-1608

Source: MITRE
Type: CNA
CVE-2002-1609

Source: MITRE
Type: CNA
CVE-2002-1611

Source: MITRE
Type: CNA
CVE-2002-1612

Source: MITRE
Type: CNA
CVE-2002-1613

Source: MITRE
Type: CNA
CVE-2002-1614

Source: MITRE
Type: CNA
CVE-2002-1615

Source: HP
Type: UNKNOWN
SSRT2275

Source: MISC
Type: Exploit
http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_nlspath.txt

Source: CCN
Type: CIAC Information Bulletin M-118
HP Tru64 Unix Multiple Vulnerabilities

Source: CCN
Type: CIAC Information Bulletin N-102
Hewlett-Packard Potential Security Vulnerabilities in CDE

Source: CCN
Type: US-CERT VU#115731
HP Tru64 UNIX quot contains buffer overflow (SSRT2191)

Source: CCN
Type: US-CERT VU#158499
HP Tru64 UNIX csh contains buffer overflow (SSRT2275)

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#158499

Source: CCN
Type: US-CERT VU#173977
HP Tru64 UNIX ps contains buffer overflow (SSRT2256)

Source: CCN
Type: US-CERT VU#293305
HP Tru64 UNIX lprm contains buffer overflow (SSRT2260)

Source: CCN
Type: US-CERT VU#408771
HP Tru64 UNIX mailcv contains buffer overflow (SSRT2193)

Source: CCN
Type: US-CERT VU#416427
HP Tru64 UNIX deliver contains buffer overflow (SSRT2275)

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#416427

Source: CCN
Type: US-CERT VU#435611
HP Tru64 UNIX at contains buffer overflow (SSRT2189)

Source: CCN
Type: US-CERT VU#437899
HP Tru64 UNIX uux contains buffer overflow (SSRT2275)

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#437899

Source: CCN
Type: US-CERT VU#448987
HP Tru64 UNIX uucp contains buffer overflow (SSRT2275)

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#448987

Source: CCN
Type: US-CERT VU#506441
HP Tru64 UNIX .upd..loader contains buffer overflow (SSRT2275)

Source: CCN
Type: US-CERT VU#531355
HP Tru64 UNIX rdist contains buffer overflow (SSRT2275)

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#531355

Source: CCN
Type: US-CERT VU#557481
HP Tru64 UNIX lpq contains buffer overflow (SSRT2275)

Source: CCN
Type: US-CERT VU#567963
HP Tru64 UNIX imapd contains buffer overflow (SSRT2275)

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#567963

Source: CCN
Type: US-CERT VU#584243
HP Tru64 UNIX dtsession contains buffer overflow (SSRT2282)

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#584243

Source: CCN
Type: US-CERT VU#592515
HP Tru64 UNIX inc contains buffer overflow (SSRT2275)

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#592515

Source: CCN
Type: US-CERT VU#602009
HP Tru64 UNIX binmail contains buffer overflow (SSRT0796U)

Source: CCN
Type: US-CERT VU#629289
HP Tru64 UNIX traceroute contains buffer overflow (SSRT2261)

Source: CCN
Type: US-CERT VU#651377
HP Tru64 UNIX "lpr" contains buffer overflow (SSRT2275)

Source: CCN
Type: US-CERT VU#693803
HP Tru64 UNIX dxpause contains buffer overflow (SSRT2275)

Source: CCN
Type: US-CERT VU#706817
HP Tru64 UNIX ypmatch contains buffer overflow (SSRT2277)

Source: CCN
Type: US-CERT VU#846307
HP Tru64 UNIX dxsysinfo contains buffer overflow (SSRT2275)

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#846307

Source: CCN
Type: US-CERT VU#955065
HP Tru64 UNIX lpd contains buffer overflow (SSRT2275)

Source: CCN
Type: US-CERT VU#965097
HP Tru64 UNIX lpc contains buffer overflow (SSRT2260)

Source: CCN
Type: OSVDB ID: 18176
HP Tru64 UNIX csh NLSPATH Environment Variable Local Overflow

Source: CCN
Type: OSVDB ID: 18177
HP Tru64 UNIX dtsession NLSPATH Environment Variable Local Overflow

Source: CCN
Type: OSVDB ID: 18178
HP Tru64 UNIX dxsysinfo NLSPATH Environment Variable Local Overflow

Source: CCN
Type: OSVDB ID: 18179
HP Tru64 UNIX imapd NLSPATH Environment Variable Local Overflow

Source: CCN
Type: OSVDB ID: 18180
HP Tru64 UNIX inc NLSPATH Environment Variable Local Overflow

Source: CCN
Type: OSVDB ID: 18181
HP Tru64 UNIX uucp NLSPATH Environment Variable Local Overflow

Source: CCN
Type: OSVDB ID: 18182
HP Tru64 UNIX uux NLSPATH Environment Variable Local Overflow

Source: CCN
Type: OSVDB ID: 18183
HP Tru64 UNIX rdist NLSPATH Environment Variable Local Overflow

Source: CCN
Type: OSVDB ID: 18184
HP Tru64 UNIX deliver NLSPATH Environment Variable Local Overflow

Source: CCN
Type: OSVDB ID: 18185
HP Tru64 UNIX dtsession _XKB_CHARSET Environment Variable Local Overflow

Source: CCN
Type: OSVDB ID: 18186
HP Tru64 UNIX dxconsole _XKB_CHARSET Environment Variable Local Overflow

Source: CCN
Type: OSVDB ID: 18187
HP Tru64 UNIX dxpause _XKB_CHARSET Environment Variable Local Overflow

Source: CCN
Type: OSVDB ID: 18188
HP Tru64 UNIX lpc Unspecified Local Overflow

Source: CCN
Type: OSVDB ID: 18189
HP Tru64 UNIX lpd Unspecified Local Overflow

Source: CCN
Type: OSVDB ID: 18190
HP Tru64 UNIX lpq Unspecified Local Overflow

Source: CCN
Type: OSVDB ID: 18191
HP Tru64 UNIX lpr Unspecified Local Overflow

Source: CCN
Type: OSVDB ID: 18192
HP Tru64 UNIX lprm Unspecified Local Overflow

Source: CCN
Type: OSVDB ID: 18193
HP Tru64 UNIX traceroute Local Overflow

Source: CCN
Type: OSVDB ID: 18194
HP Tru64 UNIX ypmatch Local Overflow

Source: CCN
Type: OSVDB ID: 18195
HP Tru64 UNIX ps Local Overflow

Source: CCN
Type: OSVDB ID: 18196
HP Tru64 UNIX mailcv Local Overflow

Source: CCN
Type: OSVDB ID: 18197
HP Tru64 UNIX quot Local Overflow

Source: CCN
Type: OSVDB ID: 18199
HP Tru64 UNIX binmail Local Overflow

Source: CCN
Type: OSVDB ID: 18200
HP Tru64 UNIX /usr/bin/at Local Overflow

Source: CCN
Type: OSVDB ID: 18201
HP Tru64 UNIX msgchk Local Overflow

Source: CCN
Type: OSVDB ID: 18202
HP Tru64 UNIX .upd..loader Local Overflow

Source: BUGTRAQ
Type: UNKNOWN
20020902 Happy Labor Day from Snosoft

Source: CCN
Type: BID-5599
HP Tru64 UNIX Multiple Local and Remote Buffer Overflow Vulnerabilities

Source: BID
Type: UNKNOWN
5647

Source: CCN
Type: BID-5647
HP Tru64 NLSPATH Environment Variable Local Buffer Overflow Vulnerability

Source: CCN
Type: BID-7720
CDE DTSession Unspecified Privilege Escalation Vulnerability

Source: XF
Type: UNKNOWN
tru64-multiple-binaries-bo(10016)

Source: XF
Type: UNKNOWN
tru64-multiple-binaries-bo(10016)

Source: CCN
Type: IBM Internet Security Systems X-Force Database
HP Tru64 UNIX /bin/su buffer overflow

Vulnerable Configuration:Configuration 1:
  • cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.04:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.22:*:*:*:*:*:*:*
  • OR cpe:/o:hp:tru64:4.0f:*:*:*:*:*:*:*
  • OR cpe:/o:hp:tru64:4.0g:*:*:*:*:*:*:*
  • OR cpe:/o:hp:tru64:5.0a:*:*:*:*:*:*:*
  • OR cpe:/o:hp:tru64:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:hp:tru64:5.1a:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:4.0f:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:4.0g:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.0a:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1a:*:*:*:*:*:*:*
  • AND
  • cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.04:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.22:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    hp hp-ux 10.20
    hp hp-ux 11.00
    hp hp-ux 11.04
    hp hp-ux 11.11
    hp hp-ux 11.22
    hp tru64 4.0f
    hp tru64 4.0g
    hp tru64 5.0a
    hp tru64 5.1
    hp tru64 5.1a
    hp hp-ux 10.20
    compaq tru64 4.0f
    compaq tru64 4.0g
    compaq tru64 5.0a
    compaq tru64 5.1
    compaq tru64 5.1a
    hp hp-ux 11.00
    hp hp-ux 11.04
    hp hp-ux 11.11
    hp hp-ux 11.22