Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1513

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2002-1513
Last Modified 05 Sep 2008 04:30:47
Published 02 Apr 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-1513

Summary

The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server runs with the SYSPRV and BYPASS privileges.

Vulnerable Systems

Operating System

  • Compaq Tcp-ip Services 4.2

  • Compaq Tcp-ip Services 5.0a

  • Compaq Tcp-ip Services 5.1

  • Compaq Tcp-ip Services 5.3


References

BID - 5790

XF - openvms-pop-gain-privileges(10236)

BUGTRAQ - 20020927 OpenVMS POP server local vulnerability

BUGTRAQ - 20021001 [security bulletin] SSRT2371 HP OpenVMS Potential POP server local vulnerability (fwd)

COMPAQ - SSRT2371


Last Updated: 27 May 2016 10:37:22