Vulnerability Name:

CVE-2011-3164 (CCN-71001)

Assigned:2011-10-26
Published:2011-10-26
Updated:2017-09-19
Summary:Unspecified vulnerability in HP-UX Containers (formerly HP-UX Secure Resource Partitions (SRP)) A.03.00, A.03.00.002, and A.03.01, when running with patch PHKL_42310, allows local users to gain privileges via unknown vectors.
Per: http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03057703&ac.admitted=1320691067232.876444892.492883150

Upgrade to HP-UX Containers A.03.01.001
CVSS v3 Severity:8.2 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
5.0 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2011-3164

Source: CCN
Type: HP Security Bulletin HPSBUX02715 SSRT100623 rev.1
HP-UX Containers (SRP), Local Unauthorized Access and Increased Privileges

Source: HP
Type: Vendor Advisory
SSRT100623

Source: CCN
Type: SA46617
HP-UX Containers Unspecified Privilege Escalation Vulnerability

Source: SECUNIA
Type: Vendor Advisory
46617

Source: CCN
Type: OSVDB ID: 76638
HP-UX Containers (SRP) Unspecified Local Privilege Escalation

Source: BID
Type: UNKNOWN
50396

Source: CCN
Type: BID-50396
HP-UX Containers Unspecified Local Privilege Escalation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1026250

Source: XF
Type: UNKNOWN
hpux-containers-unspec-priv-esc(71001)

Source: XF
Type: UNKNOWN
hpux-containers-unspec-priv-esc(71001)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:14429

Vulnerable Configuration:Configuration 1:
  • cpe:/a:hp:hp-ux_containers:a.03.00:*:*:*:*:*:*:*
  • OR cpe:/a:hp:hp-ux_containers:a.03.00.002:*:*:*:*:*:*:*
  • OR cpe:/a:hp:hp-ux_containers:a.03.01:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:hp:hp-ux_containers:a.03.00:*:*:*:*:*:*:*
  • OR cpe:/a:hp:hp-ux_containers:a.03.00.002:*:*:*:*:*:*:*
  • OR cpe:/a:hp:hp-ux_containers:a.03.01:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:14429
    V
    		HP-UX Containers (SRP), Local Unauthorized Access and Increased Privileges
    2015-04-20
    BACK
    hp hp-ux containers a.03.00
    hp hp-ux containers a.03.00.002
    hp hp-ux containers a.03.01
    hp hp-ux containers a.03.00
    hp hp-ux containers a.03.00.002
    hp hp-ux containers a.03.01