Vulnerability Name:
CVE-2002-1611 (CCN-10016)
Assigned:
2002-08-30
Published:
2002-08-30
Updated:
2017-07-11
Summary:
Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.
CVSS v3 Severity:
5.9 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
)
Exploitability Metrics:
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
Low
Availibility (A):
Low
CVSS v2 Severity:
4.6 Medium
(CVSS v2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
)
Exploitability Metrics:
Access Vector (AV):
Local
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
4.6 Medium
(CCN CVSS v2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
)
Exploitability Metrics:
Access Vector (AV):
Local
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Gain Privileges
References:
Source: CCN
Type: Strategic Reconnaissance Team Security Advisory(SRT2002-09)
Compaq Tru64 Unix Mulitple Buffer Overflows
Source: CCN
Type: BugTraq Mailing List, Thu Sep 19 2002 - 15:44:43 CDT
Re: [Full-Disclosure] iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3.
Source: CCN
Type: BugTraq Mailing List, Thu Sep 19 2002 - 16:09:41 CDT
iDEFENSE OSF1/Tru64 3.x vuln clarification
Source: CCN
Type: Compaq SECURITY BULLETIN SRB0039W
HP Tru64 UNIX - Potential Buffer Overflows & SSRT2229 Potential Denial of Service
Source: MITRE
Type: CNA
CVE-2002-1604
Source: MITRE
Type: CNA
CVE-2002-1605
Source: MITRE
Type: CNA
CVE-2002-1606
Source: MITRE
Type: CNA
CVE-2002-1607
Source: MITRE
Type: CNA
CVE-2002-1608
Source: MITRE
Type: CNA
CVE-2002-1609
Source: MITRE
Type: CNA
CVE-2002-1611
Source: MITRE
Type: CNA
CVE-2002-1612
Source: MITRE
Type: CNA
CVE-2002-1613
Source: MITRE
Type: CNA
CVE-2002-1614
Source: MITRE
Type: CNA
CVE-2002-1615
Source: CONFIRM
Type: Patch
http://ftp.support.compaq.com.au/pub/patches/Digital_UNIX/v5.1a/patch_kit/Tru64_UNIX_V5.1A/doc/txt/OSFPAT00131500520.txt
Source: HP
Type: UNKNOWN
SSRT2191
Source: CCN
Type: CIAC Information Bulletin M-118
HP Tru64 Unix Multiple Vulnerabilities
Source: CCN
Type: CIAC Information Bulletin N-102
Hewlett-Packard Potential Security Vulnerabilities in CDE
Source: CCN
Type: US-CERT VU#115731
HP Tru64 UNIX quot contains buffer overflow (SSRT2191)
Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#115731
Source: CCN
Type: US-CERT VU#158499
HP Tru64 UNIX csh contains buffer overflow (SSRT2275)
Source: CCN
Type: US-CERT VU#173977
HP Tru64 UNIX ps contains buffer overflow (SSRT2256)
Source: CCN
Type: US-CERT VU#293305
HP Tru64 UNIX lprm contains buffer overflow (SSRT2260)
Source: CCN
Type: US-CERT VU#408771
HP Tru64 UNIX mailcv contains buffer overflow (SSRT2193)
Source: CCN
Type: US-CERT VU#416427
HP Tru64 UNIX deliver contains buffer overflow (SSRT2275)
Source: CCN
Type: US-CERT VU#435611
HP Tru64 UNIX at contains buffer overflow (SSRT2189)
Source: CCN
Type: US-CERT VU#437899
HP Tru64 UNIX uux contains buffer overflow (SSRT2275)
Source: CCN
Type: US-CERT VU#448987
HP Tru64 UNIX uucp contains buffer overflow (SSRT2275)
Source: CCN
Type: US-CERT VU#506441
HP Tru64 UNIX .upd..loader contains buffer overflow (SSRT2275)
Source: CCN
Type: US-CERT VU#531355
HP Tru64 UNIX rdist contains buffer overflow (SSRT2275)
Source: CCN
Type: US-CERT VU#557481
HP Tru64 UNIX lpq contains buffer overflow (SSRT2275)
Source: CCN
Type: US-CERT VU#567963
HP Tru64 UNIX imapd contains buffer overflow (SSRT2275)
Source: CCN
Type: US-CERT VU#584243
HP Tru64 UNIX dtsession contains buffer overflow (SSRT2282)
Source: CCN
Type: US-CERT VU#592515
HP Tru64 UNIX inc contains buffer overflow (SSRT2275)
Source: CCN
Type: US-CERT VU#602009
HP Tru64 UNIX binmail contains buffer overflow (SSRT0796U)
Source: CCN
Type: US-CERT VU#629289
HP Tru64 UNIX traceroute contains buffer overflow (SSRT2261)
Source: CCN
Type: US-CERT VU#651377
HP Tru64 UNIX "lpr" contains buffer overflow (SSRT2275)
Source: CCN
Type: US-CERT VU#693803
HP Tru64 UNIX dxpause contains buffer overflow (SSRT2275)
Source: CCN
Type: US-CERT VU#706817
HP Tru64 UNIX ypmatch contains buffer overflow (SSRT2277)
Source: CCN
Type: US-CERT VU#846307
HP Tru64 UNIX dxsysinfo contains buffer overflow (SSRT2275)
Source: CCN
Type: US-CERT VU#955065
HP Tru64 UNIX lpd contains buffer overflow (SSRT2275)
Source: CCN
Type: US-CERT VU#965097
HP Tru64 UNIX lpc contains buffer overflow (SSRT2260)
Source: CCN
Type: OSVDB ID: 18176
HP Tru64 UNIX csh NLSPATH Environment Variable Local Overflow
Source: CCN
Type: OSVDB ID: 18177
HP Tru64 UNIX dtsession NLSPATH Environment Variable Local Overflow
Source: CCN
Type: OSVDB ID: 18178
HP Tru64 UNIX dxsysinfo NLSPATH Environment Variable Local Overflow
Source: CCN
Type: OSVDB ID: 18179
HP Tru64 UNIX imapd NLSPATH Environment Variable Local Overflow
Source: CCN
Type: OSVDB ID: 18180
HP Tru64 UNIX inc NLSPATH Environment Variable Local Overflow
Source: CCN
Type: OSVDB ID: 18181
HP Tru64 UNIX uucp NLSPATH Environment Variable Local Overflow
Source: CCN
Type: OSVDB ID: 18182
HP Tru64 UNIX uux NLSPATH Environment Variable Local Overflow
Source: CCN
Type: OSVDB ID: 18183
HP Tru64 UNIX rdist NLSPATH Environment Variable Local Overflow
Source: CCN
Type: OSVDB ID: 18184
HP Tru64 UNIX deliver NLSPATH Environment Variable Local Overflow
Source: CCN
Type: OSVDB ID: 18185
HP Tru64 UNIX dtsession _XKB_CHARSET Environment Variable Local Overflow
Source: CCN
Type: OSVDB ID: 18186
HP Tru64 UNIX dxconsole _XKB_CHARSET Environment Variable Local Overflow
Source: CCN
Type: OSVDB ID: 18187
HP Tru64 UNIX dxpause _XKB_CHARSET Environment Variable Local Overflow
Source: CCN
Type: OSVDB ID: 18188
HP Tru64 UNIX lpc Unspecified Local Overflow
Source: CCN
Type: OSVDB ID: 18189
HP Tru64 UNIX lpd Unspecified Local Overflow
Source: CCN
Type: OSVDB ID: 18190
HP Tru64 UNIX lpq Unspecified Local Overflow
Source: CCN
Type: OSVDB ID: 18191
HP Tru64 UNIX lpr Unspecified Local Overflow
Source: CCN
Type: OSVDB ID: 18192
HP Tru64 UNIX lprm Unspecified Local Overflow
Source: CCN
Type: OSVDB ID: 18193
HP Tru64 UNIX traceroute Local Overflow
Source: CCN
Type: OSVDB ID: 18194
HP Tru64 UNIX ypmatch Local Overflow
Source: CCN
Type: OSVDB ID: 18195
HP Tru64 UNIX ps Local Overflow
Source: CCN
Type: OSVDB ID: 18196
HP Tru64 UNIX mailcv Local Overflow
Source: CCN
Type: OSVDB ID: 18197
HP Tru64 UNIX quot Local Overflow
Source: CCN
Type: OSVDB ID: 18199
HP Tru64 UNIX binmail Local Overflow
Source: CCN
Type: OSVDB ID: 18200
HP Tru64 UNIX /usr/bin/at Local Overflow
Source: CCN
Type: OSVDB ID: 18201
HP Tru64 UNIX msgchk Local Overflow
Source: CCN
Type: OSVDB ID: 18202
HP Tru64 UNIX .upd..loader Local Overflow
Source: CCN
Type: BID-5599
HP Tru64 UNIX Multiple Local and Remote Buffer Overflow Vulnerabilities
Source: CCN
Type: BID-5647
HP Tru64 NLSPATH Environment Variable Local Buffer Overflow Vulnerability
Source: CCN
Type: BID-7720
CDE DTSession Unspecified Privilege Escalation Vulnerability
Source: XF
Type: UNKNOWN
tru64-multiple-binaries-bo(10016)
Source: XF
Type: UNKNOWN
tru64-multiple-binaries-bo(10016)
Source: CCN
Type: IBM Internet Security Systems X-Force Database
HP Tru64 UNIX /bin/su buffer overflow
Vulnerable Configuration:
Configuration 1
:
cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:11.04:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:11.22:*:*:*:*:*:*:*
OR
cpe:/o:hp:tru64:4.0f:*:*:*:*:*:*:*
OR
cpe:/o:hp:tru64:4.0g:*:*:*:*:*:*:*
OR
cpe:/o:hp:tru64:5.0a:*:*:*:*:*:*:*
OR
cpe:/o:hp:tru64:5.1:*:*:*:*:*:*:*
OR
cpe:/o:hp:tru64:5.1a:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:*
OR
cpe:/o:compaq:tru64:4.0f:*:*:*:*:*:*:*
OR
cpe:/o:compaq:tru64:4.0g:*:*:*:*:*:*:*
OR
cpe:/o:compaq:tru64:5.0a:*:*:*:*:*:*:*
OR
cpe:/o:compaq:tru64:5.1:*:*:*:*:*:*:*
OR
cpe:/o:compaq:tru64:5.1a:*:*:*:*:*:*:*
AND
cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:11.04:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:11.22:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
hp
hp-ux 10.20
hp
hp-ux 11.00
hp
hp-ux 11.04
hp
hp-ux 11.11
hp
hp-ux 11.22
hp
tru64 4.0f
hp
tru64 4.0g
hp
tru64 5.0a
hp
tru64 5.1
hp
tru64 5.1a
hp
hp-ux 10.20
compaq
tru64 4.0f
compaq
tru64 4.0g
compaq
tru64 5.0a
compaq
tru64 5.1
compaq
tru64 5.1a
hp
hp-ux 11.00
hp
hp-ux 11.04
hp
hp-ux 11.11
hp
hp-ux 11.22