Vulnerability Name: | CVE-2006-5557 (CCN-29781)
Assigned: | 2006-10-24
Published: | 2006-10-24
Updated: | 2017-10-19
Summary: | Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. Note: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.
CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: |
  4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
  3.8 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
  5.9 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Gain Privileges
References: |
  Source: MISC Type: Exploit http://blogs.23.nu/prdelka/stories/13144/
  Source: MITRE Type: CNA CVE-2006-5557
  Source: CCN Type: Hewlett-Packard Web site HP-UX 11i
  Source: OSVDB Type: UNKNOWN 33993
  Source: OSVDB Type: UNKNOWN 33994
  Source: CCN Type: OSVDB ID: 33993 HP-UX swmodify -S Argument Local Overflow
  Source: CCN Type: OSVDB ID: 33994 HP-UX swpackage -S Argument Local Overflow
  Source: BID Type: Exploit, Patch 20706
  Source: CCN Type: BID-20706 HP-UX Software Distributor SWPackage Local Buffer Overflow Vulnerability
  Source: BID Type: UNKNOWN 20735
  Source: CCN Type: BID-20735 HP-UX Software Distributor SWModify Local Buffer Overflow Vulnerability
  Source: XF Type: UNKNOWN hpux-swmodify-bo(29781)
  Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:5035
  Source: EXPLOIT-DB Type: UNKNOWN 2633
  Source: EXPLOIT-DB Type: UNKNOWN 2634
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable

Vulnerability Name: | CVE-2006-5557 (CCN-29783)
Assigned: | 2006-10-24
Published: | 2006-10-24
Updated: | 2006-10-24
Summary: | HP-UX is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the swpackage utility. By sending an overly long -S command line argument, a local attacker could overflow a buffer and execute arbitrary code on the system with root privileges.
CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: |
  4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
  3.8 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
  5.9 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Vulnerability Consequences: | Gain Privileges
References: |
  Source: MITRE Type: CNA CVE-2006-5557
  Source: CCN Type: Hewlett-Packard Web site HP-UX 11i
  Source: CCN Type: OSVDB ID: 33993 HP-UX swmodify -S Argument Local Overflow
  Source: CCN Type: OSVDB ID: 33994 HP-UX swpackage -S Argument Local Overflow
  Source: CCN Type: BID-20706 HP-UX Software Distributor SWPackage Local Buffer Overflow Vulnerability
  Source: CCN Type: BID-20735 HP-UX Software Distributor SWModify Local Buffer Overflow Vulnerability
  Source: XF Type: UNKNOWN hpux-swpackage-bo(29783)