Vulnerability CVE-2006-2574 - CERT Civis.Net

Vulnerability Name:

CVE-2006-2574 (CCN-26609)

Assigned:

2006-05-22

Published:

2006-05-22

Updated:

2018-10-18

Summary:

Multiple unspecified vulnerabilities in Software Distributor in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allow local users to gain privileges via unspecified attack vectors.

CVSS v3 Severity:

8.2 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: CCN
Type: BugTraq Mailing List, Tue May 23 2006 - 07:39:23 CDT
[security bulletin] HPSBUX02114 SSRT061115 rev.1 - HP-UX Running Software Distributor Local Elevation of Privilege

Source: MITRE
Type: CNA
CVE-2006-2574

Source: CONFIRM
Type: Patch
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00659649

Source: CCN
Type: SA20230
HP-UX Software Distributor Privilege Escalation Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
20230

Source: CCN
Type: SA20332
Avaya PDS Software Distributor Privilege Escalation

Source: SECUNIA
Type: UNKNOWN
20332

Source: SREASON
Type: UNKNOWN
964

Source: CCN
Type: SECTRACK ID: 1016139
HP Software Distributor Lets Local Users Gain Elevated Privileges

Source: SECTRACK
Type: Patch
1016139

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-106.htm

Source: CCN
Type: ASA-2006-106
HP-UX Running Software Distributor Local Elevation of Privilege

Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBUX02114 SSRT061115
HP-UX Running Software Distributor Local Elevation of Privilege Elevation of Privilege

Source: CCN
Type: OSVDB ID: 25804
HP-UX Software Distributor Unspecified Privilege Escalation

Source: CCN
Type: OSVDB ID: 33993
HP-UX swmodify -S Argument Local Overflow

Source: CCN
Type: OSVDB ID: 33994
HP-UX swpackage -S Argument Local Overflow

Source: CCN
Type: OSVDB ID: 34271
HP-UX swask -s Argument Local Format String

Source: HP
Type: UNKNOWN
SSRT061115

Source: BID
Type: UNKNOWN
18098

Source: CCN
Type: BID-18098
Retired: HP-UX Software Distributor Unspecified Local Privilege Escalation Vulnerability

Source: CCN
Type: BID-20706
HP-UX Software Distributor SWPackage Local Buffer Overflow Vulnerability

Source: CCN
Type: BID-20726
HP-UX Software Distributor SWAsk Local Format String Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-1947

Source: XF
Type: UNKNOWN
hpux-sd-privilege-escalation(26609)

Source: XF
Type: UNKNOWN
hpux-sd-privilege-escalation(26609)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5568

Vulnerable Configuration:

Configuration 1:

cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:11.4:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*

Configuration CCN 1:

cpe:/o:hp:hp-ux:b.11.00:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:5568	V	HP-UX Running Software Distributor Local Elevation of Privilege	2014-03-24