Vulnerability Name:

CVE-2002-1616 (CCN-11620)

Assigned: 2002-08-01
Published: 2002-08-01
Updated: 2017-07-11
Summary: Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to gain root privileges via (1) su, (2) chsh, (3) passwd, (4) chfn, (5) dxchpwd, and (6) libc.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References:
Source: FULLDISC
Type: UNKNOWN
20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification

Source: HP
Type: UNKNOWN
SSRT2259

Source: MITRE
Type: CNA
CVE-2002-1616

Source: CCN
Type: Compaq SECURITY BULLETIN: SSRT2257
Potential Security Vulnerability Patch

Source: MISC
Type: Exploit
http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_su.txt

Source: CCN
Type: US-CERT VU#137555
HP Tru64 UNIX chfn contains buffer overflow (SSRT2259)

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#137555

Source: CCN
Type: US-CERT VU#177067
HP Tru64 UNIX passwd contains buffer overflow (SSRT2192)

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#177067

Source: CCN
Type: US-CERT VU#193347
HP Tru64 UNIX contains buffer overflow in libc libraries (SSRT2257)

Source: CERT-VN
Type: Patch, US Government Resource
VU#193347

Source: CCN
Type: US-CERT VU#671627
HP Tru64 UNIX dxchpwd contains buffer overflow

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#671627

Source: CERT-VN
Type: US Government Resource
VU#864083

Source: CCN
Type: OSVDB ID: 18203
HP Tru64 UNIX su Local Overflow

Source: CCN
Type: OSVDB ID: 18204
HP Tru64 UNIX chsh Local Overflow

Source: CCN
Type: OSVDB ID: 18205
HP Tru64 UNIX passwd Local Overflow

Source: CCN
Type: OSVDB ID: 18206
HP Tru64 UNIX chfn Local Overflow

Source: CCN
Type: OSVDB ID: 18207
HP Tru64 UNIX dxchpwd Local Overflow

Source: CCN
Type: OSVDB ID: 18208
HP Tru64 UNIX libc Local Overflow

Source: BUGTRAQ
Type: Vendor Advisory
20020902 Happy Labor Day from Snosoft

Source: BID
Type: Vendor Advisory
5379

Source: CCN
Type: BID-5379
Tru64 CHSH Local Privilege Escalation Vulnerability

Source: BID
Type: Patch
5380

Source: CCN
Type: BID-5380
Tru64 passwd Local Privilege Escalation Vulnerability

Source: BID
Type: Patch
5381

Source: CCN
Type: BID-5381
Tru64 CHFN Local Privilege Escalation Vulnerability

Source: BID
Type: Patch
5382

Source: CCN
Type: BID-5382
Tru64 DXCHPWD Local Privilege Escalation Vulnerability

Source: XF
Type: UNKNOWN
tru64-chfn-bo(10614)

Source: XF
Type: UNKNOWN
tru64-dxchpwd-bo(11620)


Vulnerable Configuration: Configuration 1:
  • cpe:/o:hp:tru64:4.0f:*:*:*:*:*:*:*
  • OR cpe:/o:hp:tru64:4.0g:*:*:*:*:*:*:*
  • OR cpe:/o:hp:tru64:5.0a:*:*:*:*:*:*:*
  • OR cpe:/o:hp:tru64:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:hp:tru64:5.1af:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:compaq:tru64:4.0f:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:4.0g:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.0a:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1a:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    hp tru64 4.0f
    hp tru64 4.0g
    hp tru64 5.0a
    hp tru64 5.1
    hp tru64 5.1af
    compaq tru64 4.0f
    compaq tru64 4.0g
    compaq tru64 5.0a
    compaq tru64 5.1
    compaq tru64 5.1a