Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0965

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2004-0965
Last Modified 04 Mar 2009 12:23:23
Published 09 Feb 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0965

Summary

stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local users to execute arbitrary code by modifying the PATH environment variable to point to malicious programs.

Vulnerable Systems

Operating System

  • Hp-ux 11.00

  • Hp-ux 11.11

  • Hp-ux 11.22

  • Hp-ux 11.23


References

BID - 11493

XF - hpux-stmkfont-gain-privileges(17813)

HP - SSRT4807

MISC - http://www.nsfocus.com/english/homepage/research/0402.htm

BUGTRAQ - 20041021 NSFOCUS SA2004-02 : HP-UX stmkfont Local Privilege Escalation Vulnerability


Last Updated: 27 May 2016 10:38:50