Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1604

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1604
Last Modified 07 Mar 2011 09:10:31
Published 02 Sep 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1604

Summary

Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.

Vulnerable Systems

Operating System

  • Hp Tru64 4.0f

  • Hp Tru64 4.0g

  • Hp Tru64 5.0a

  • Hp Tru64 5.1

  • Hp Tru64 5.1a

  • Hp-ux 10.20

  • Hp-ux 11.00

  • Hp-ux 11.04

  • Hp-ux 11.11

  • Hp-ux 11.22


References

CERT-VN - VU#846307

CERT-VN - VU#592515

CERT-VN - VU#584243

CERT-VN - VU#567963

CERT-VN - VU#531355

CERT-VN - VU#448987

CERT-VN - VU#437899

CERT-VN - VU#416427

CERT-VN - VU#158499

XF - tru64-multiple-binaries-bo(10016)

BUGTRAQ - 20020902 Happy Labor Day from Snosoft

MISC - http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_nlspath.txt

FULLDISC - 20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification

BID - 5647

HP - SSRT2275


Last Updated: 27 May 2016 10:37:24