Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3277

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2005-3277
Last Modified 05 Sep 2008 04:53:56
Published 21 Oct 2005 02:02:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3277

Summary

The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different vulnerability than CVE-2002-1473.

Vulnerable Systems

Operating System

  • Hp-ux 10.20

  • Hp-ux 11.00

  • Hp-ux 11.11


References

BID - 15136

MISC - http://www.frsirt.com/exploits/20051019.hpux_lpd_exec.pm.php

MISC - http://archives.neohapsis.com/archives/hp/2002-q3/0064.html


Last Updated: 27 May 2016 10:40:52