Vulnerability Name:

CVE-2010-1973 (CCN-60585)

Assigned:2010-07-13
Published:2010-07-13
Updated:2019-10-09
Summary:Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, 8.2, 7.3-2, and earlier on the ALPHA platform, and 8.3-1H1, 8.3, 8.2-1, and earlier on the Itanium platform, allows local users to gain privileges or obtain sensitive information via unknown vectors.
Per: http://marc.info/?l=bugtraq&m=127905660900687&w=2

'impacted versions are listed.
HP OpenVMS ALPHA v 8.3, v 8.2, v 7.3-2 and earlier
HP OpenVMS Itanium v 8.3-1H1, v 8.3, v 8.2-1 and earlier'
Per: http://marc.info/?l=bugtraq&m=127905660900687&w=2

'HP has made the following patch kits available to resolve the vulnerability.
Patch kit information and installation instructions are provided with each kit as noted below . The patch kits and installation instructions are available from the following location using anonymous ftp:

ftp://ftp.itrc.hp.com/openvms_patches

CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
5.0 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
4.4 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2010-1973

Source: CCN
Type: HPSBOV02539 SSRT090267 rev.1
HP OpenVMS Auditing, Local Information Disclosure

Source: HP
Type: Patch, Vendor Advisory
SSRT090267

Source: CCN
Type: SECTRACK ID: 1024190
OpenVMS Auditing Lets Local Users Gain Elevated Privileges

Source: SECTRACK
Type: UNKNOWN
1024190

Source: CCN
Type: OSVDB ID: 66481
HP OpenVMS Auditing Subsystem Unspecified Local Privilege Escalation

Source: XF
Type: UNKNOWN
openvms-auditing-privilege-escalation(60585)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:hp:openvms:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openvms:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openvms:7.2-1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openvms:7.2-1h1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openvms:7.2-2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openvms:7.2-6c2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openvms:7.3-1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openvms:8.2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openvms:8.3:*:*:*:*:*:*:*
  • OR cpe:/o:hp:openvms:7.3:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:hp:openvms:8.2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openvms:8.3:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openvms:8.3-1h1:*:*:*:*:*:*:*
  • OR cpe:/o:hp:openvms:*:*:*:*:*:*:*:* (Version <= 7.3-2)

    • Configuration CCN 1:
  • cpe:/a:hp:openvms:8.3:*:*:*:*:*:*:*
  • OR cpe:/o:hp:openvms:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openvms:7.3-2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openvms:8.2-1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openvms:8.2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openvms:7.3-1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openvms:7.2-6c2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openvms:7.2-2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openvms:7.2-1h1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openvms:7.2-1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openvms:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openvms:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openvms:8.3-1h1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    hp openvms 6.2
    hp openvms 7.2
    hp openvms 7.2-1
    hp openvms 7.2-1h1
    hp openvms 7.2-2
    hp openvms 7.2-6c2
    hp openvms 7.3-1
    hp openvms 8.2
    hp openvms 8.3
    hp openvms 7.3
    hp openvms 8.2
    hp openvms 8.3
    hp openvms 8.3-1h1
    hp openvms *
    hp openvms 8.3
    hp openvms 7.3
    hp openvms 7.3-2
    hp openvms 8.2-1
    hp openvms 8.2
    hp openvms 7.3-1
    hp openvms 7.2-6c2
    hp openvms 7.2-2
    hp openvms 7.2-1h1
    hp openvms 7.2-1
    hp openvms 7.2
    hp openvms 6.2
    hp openvms 8.3-1h1