Vulnerability Name: | CVE-2004-0965 (CCN-17813) | ||||||||
Assigned: | 2004-10-20 | ||||||||
Published: | 2004-10-20 | ||||||||
Updated: | 2017-10-11 | ||||||||
Summary: | stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local users to execute arbitrary code by modifying the PATH environment variable to point to malicious programs. | ||||||||
CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||
References: | Source: MITRE Type: CNA CVE-2004-0965 Source: BUGTRAQ Type: UNKNOWN 20041021 NSFOCUS SA2004-02 : HP-UX stmkfont Local Privilege Escalation Vulnerability Source: CCN Type: Hewlett-Packard Support Web site IT resource center Source: CCN Type: NSFOCUS Security Advisory(SA2004-02) HP-UX stmkfont Local Privilege Escalation Vulnerability Source: MISC Type: UNKNOWN http://www.nsfocus.com/english/homepage/research/0402.htm Source: CCN Type: OSVDB ID: 11028 HP-UX stmkfont Path Subversion Local Privilege Escalation Source: HP Type: UNKNOWN SSRT4807 Source: BID Type: Patch, Vendor Advisory 11493 Source: CCN Type: BID-11493 HP-UX STMKFONT Local Privilege Escalation Vulnerability Source: XF Type: UNKNOWN hpux-stmkfont-gain-privileges(17813) Source: XF Type: UNKNOWN hpux-stmkfont-gain-privileges(17813) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:5538 | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |