Vulnerability Name:

CVE-2007-1993 (CCN-33567)

Assigned:2007-03-30
Published:2007-03-30
Updated:2017-10-11
Summary:Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure 2."
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.9 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.5 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-1993

Source: CCN
Type: HP Security Bulletin HPSBUX02203 SSRT071339
HP-UX Running Portable File System (PFS), Remote Increase in Privilege

Source: HP
Type: UNKNOWN
SSRT071339

Source: IDEFENSE
Type: UNKNOWN
20070412 Hewlett Packard HP-UX Remote pfs_mountd.rpc Buffer Overflow Vulnerability

Source: CCN
Type: SA24855
HP-UX Portable File System "pfs_mountd.rpc" Buffer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
24855

Source: CCN
Type: SECTRACK ID: 1017893
HP-UX Portable File System Lets Remote Users Gain Root Access

Source: CCN
Type: ASA-2007-162
HP-UX Running Portable File System (PFS) Remote Increase in Privilege (HPSBUX02203)

Source: CCN
Type: OSVDB ID: 34897
HP-UX Portable File System (PFS) pfs_mountd.rpc Remote Code Execution

Source: BID
Type: UNKNOWN
23401

Source: CCN
Type: BID-23401
Hewlet Packard HP-UX Portable File System Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1017893

Source: VUPEN
Type: Vendor Advisory
ADV-2007-1343

Source: XF
Type: UNKNOWN
hpux-pfs-privilege-escalation(33567)

Source: XF
Type: UNKNOWN
hpux-pfs-privilege-escalation(33567)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 04.12.07
Hewlett Packard HP-UX Remote pfs_mountd.rpc Buffer Overflow Vulnerability

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5751

Vulnerable Configuration:Configuration 1:
  • cpe:/o:hp:hp-ux:b.11.00:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.23:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:5751
    V
    		HP-UX Running Portable File System (PFS), Remote Increase in Privilege
    2014-03-24
    BACK
    hp hp-ux b.11.00
    hp hp-ux b.11.11
    hp hp-ux b.11.23
    hp hp-ux 11.00
    hp hp-ux 11.11
    hp hp-ux 11.23