Vulnerability Name:

CVE-2007-0139 (CCN-31373)

Assigned:2007-01-05
Published:2007-01-05
Updated:2011-03-08
Summary:Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "unintended privileged access to data and system resources" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, and (4) [SYSMGR]CTF$STARTUP.COM.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: CONFIRM
Type: Patch
ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/AXP_DNVOSIMUP01-V0703-2.txt

Source: CCN
Type: HP FTP site
DECnet/OSI V7.3 for OpenVMS VAX

Source: CONFIRM
Type: Patch
ftp://ftp.itrc.hp.com/openvms_patches/vax/V7.3/VAX_DNVOSIMUP01-V0703.txt

Source: MITRE
Type: CNA
CVE-2007-0139

Source: OSVDB
Type: UNKNOWN
32583

Source: OSVDB
Type: UNKNOWN
32584

Source: OSVDB
Type: UNKNOWN
32585

Source: OSVDB
Type: UNKNOWN
32586

Source: CCN
Type: SA23636
HP DECnet-Plus for OpenVMS Unspecified Security Bypass

Source: SECUNIA
Type: Patch, Vendor Advisory
23636

Source: CCN
Type: OSVDB ID: 32583
HP DECnet-Plus for OpenVMS [SYSEXE]CTF$UI.EXE Unspecified Privilege Escalation

Source: CCN
Type: OSVDB ID: 32584
HP DECnet-Plus for OpenVMS [SYSMSG]CTF$MESSAGES.EXE Unspecified Privilege Escalation

Source: CCN
Type: OSVDB ID: 32585
HP DECnet-Plus for OpenVMS [SYSHLP]CTF$HELP.HLB Unspecified Privilege Escalation

Source: CCN
Type: OSVDB ID: 32586
HP DECnet-Plus for OpenVMS [SYSMGR]CTF$STARTUP.COM Unspecified Privilege Escalation

Source: CCN
Type: BID-21888
HP DECNet-Plus For OpenVMS Unspecified Security Bypass Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2007-0063

Source: XF
Type: UNKNOWN
hp-decnet-unspecified-security-bypass(31373)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:hp:openvms:7.3:*:openvms_vax:*:*:*:*:*
  • OR cpe:/a:hp:openvms:7.3_2:*:openvms_vax:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:hp:openvms_vax:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:hp:openvms_alpha:7.3-2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    hp openvms 7.3
    hp openvms 7.3_2
    hp openvms vax 7.3
    hp openvms alpha 7.3-2