ID CVE-1999-1573Type cveReporter cve@mitre.orgModified 2017-10-19T01:29:00
Description
Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files.
{"id": "CVE-1999-1573", "bulletinFamily": "NVD", "title": "CVE-1999-1573", "description": "Multiple unknown vulnerabilities in the \"r-cmnds\" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files.", "published": "1999-12-28T05:00:00", "modified": "2017-10-19T01:29:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1573", "reporter": "cve@mitre.org", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/7860", "http://www.ciac.org/ciac/bulletins/j-022.shtml", "http://www.kb.cert.org/vuls/id/13217", "http://www.securityfocus.com/advisories/1471", "http://www.auscert.org.au/render.html?it=490", "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5550"], "cvelist": ["CVE-1999-1573"], "type": "cve", "lastseen": "2019-05-29T18:07:36", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "1921c7f663c2542fbf8c53771664c88d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "807842b65a4691c39c133656e34a32c6"}, {"key": "cpe23", "hash": "3642d74d44176cd52b28fd926bad5119"}, {"key": "cvelist", "hash": "60fec02e709d26a9759159bdd00d7fa4"}, {"key": "cvss", "hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d"}, {"key": "cvss2", "hash": "11e56c2d8f36b1920223217250e3f2a6"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "53152b20999dd87a9bbee49b490e3abe"}, {"key": "href", "hash": "8f223e2157257ac8547138ea1f65b9e2"}, {"key": "modified", "hash": "444d43e9817288cd3cd8e6c9a31c8aed"}, {"key": "published", "hash": "a66650a2f072e82d3281746d87bd3258"}, {"key": "references", "hash": "e72e34d23e064d74f32d4a2b4815aae6"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "05ac62fdf7c260f2c204ebbceb411d02"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "4ddefa405e4d7cdb5bf3d56bb41db8cb7cbbbdbfd85df998f3cb7a12c1a6afb7", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:17952", "OSVDB:17954", "OSVDB:17953", "OSVDB:17950", "OSVDB:17947", "OSVDB:17948", "OSVDB:17949", "OSVDB:17951"]}, {"type": "nessus", "idList": ["HPUX_PHNE_16091.NASL"]}], "modified": "2019-05-29T18:07:36"}, "score": {"value": 7.5, "vector": "NONE", "modified": "2019-05-29T18:07:36"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:hp:hp-ux:10.20", "cpe:/o:hp:hp-ux:10.01", "cpe:/o:hp:hp-ux:10.00", "cpe:/a:hp:hp-ux:11.00", "cpe:/a:hp:hp-ux:10.01", "cpe:/o:hp:hp-ux:10.20", "cpe:/o:hp:hp-ux:11.00", "cpe:/a:hp:hp-ux:10.00", "cpe:/a:hp:hp-ux:10.30", "cpe:/o:hp:hp-ux:10.30", "cpe:/o:hp:hp-ux:10.10", "cpe:/a:hp:hp-ux:10.10"], "affectedSoftware": [{"name": "hp hp-ux", "operator": "eq", "version": "10.00"}, {"name": "hp hp-ux", "operator": "eq", "version": "10.30"}, {"name": "hp hp-ux", "operator": "eq", "version": "10.10"}, {"name": "hp hp-ux", "operator": "eq", "version": "10.01"}, {"name": "hp hp-ux", "operator": "eq", "version": "11.00"}, {"name": "hp hp-ux", "operator": "eq", "version": "10.20"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:10.30:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:10.00:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}
{"osvdb": [{"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://attrition.org/security/advisory/unix/hpalert/hp.00090.r_commands)\n[Related OSVDB ID: 17952](https://vulners.com/osvdb/OSVDB:17952)\n[Related OSVDB ID: 17947](https://vulners.com/osvdb/OSVDB:17947)\n[Related OSVDB ID: 17948](https://vulners.com/osvdb/OSVDB:17948)\n[Related OSVDB ID: 17949](https://vulners.com/osvdb/OSVDB:17949)\n[Related OSVDB ID: 17950](https://vulners.com/osvdb/OSVDB:17950)\n[Related OSVDB ID: 17951](https://vulners.com/osvdb/OSVDB:17951)\n[Related OSVDB ID: 17953](https://vulners.com/osvdb/OSVDB:17953)\nKeyword: HPSBUX9812-090\nISS X-Force ID: 7860\n[CVE-1999-1573](https://vulners.com/cve/CVE-1999-1573)\nCIAC Advisory: j-022\nCERT VU: 13217\n", "modified": "1998-12-06T22:21:21", "published": "1998-12-06T22:21:21", "href": "https://vulners.com/osvdb/OSVDB:17954", "id": "OSVDB:17954", "type": "osvdb", "title": "HP-UX rdist Unspecified Privilege Escalation", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://attrition.org/security/advisory/unix/hpalert/hp.00090.r_commands)\n[Related OSVDB ID: 17954](https://vulners.com/osvdb/OSVDB:17954)\n[Related OSVDB ID: 17947](https://vulners.com/osvdb/OSVDB:17947)\n[Related OSVDB ID: 17948](https://vulners.com/osvdb/OSVDB:17948)\n[Related OSVDB ID: 17949](https://vulners.com/osvdb/OSVDB:17949)\n[Related OSVDB ID: 17950](https://vulners.com/osvdb/OSVDB:17950)\n[Related OSVDB ID: 17951](https://vulners.com/osvdb/OSVDB:17951)\n[Related OSVDB ID: 17953](https://vulners.com/osvdb/OSVDB:17953)\nKeyword: HPSBUX9812-090\nISS X-Force ID: 7860\n[CVE-1999-1573](https://vulners.com/cve/CVE-1999-1573)\nCIAC Advisory: j-022\nCERT VU: 13217\n", "modified": "1998-12-06T22:21:21", "published": "1998-12-06T22:21:21", "href": "https://vulners.com/osvdb/OSVDB:17952", "id": "OSVDB:17952", "type": "osvdb", "title": "HP-UX rcp Unspecified Privilege Escalation", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://attrition.org/security/advisory/unix/hpalert/hp.00090.r_commands)\n[Related OSVDB ID: 17952](https://vulners.com/osvdb/OSVDB:17952)\n[Related OSVDB ID: 17954](https://vulners.com/osvdb/OSVDB:17954)\n[Related OSVDB ID: 17947](https://vulners.com/osvdb/OSVDB:17947)\n[Related OSVDB ID: 17948](https://vulners.com/osvdb/OSVDB:17948)\n[Related OSVDB ID: 17949](https://vulners.com/osvdb/OSVDB:17949)\n[Related OSVDB ID: 17951](https://vulners.com/osvdb/OSVDB:17951)\n[Related OSVDB ID: 17953](https://vulners.com/osvdb/OSVDB:17953)\nKeyword: HPSBUX9812-090\nISS X-Force ID: 7860\n[CVE-1999-1573](https://vulners.com/cve/CVE-1999-1573)\nCIAC Advisory: j-022\nCERT VU: 13217\n", "modified": "1998-12-06T22:21:21", "published": "1998-12-06T22:21:21", "href": "https://vulners.com/osvdb/OSVDB:17950", "id": "OSVDB:17950", "type": "osvdb", "title": "HP-UX rlogin Unspecified Privilege Escalation", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://attrition.org/security/advisory/unix/hpalert/hp.00090.r_commands)\n[Related OSVDB ID: 17952](https://vulners.com/osvdb/OSVDB:17952)\n[Related OSVDB ID: 17954](https://vulners.com/osvdb/OSVDB:17954)\n[Related OSVDB ID: 17948](https://vulners.com/osvdb/OSVDB:17948)\n[Related OSVDB ID: 17949](https://vulners.com/osvdb/OSVDB:17949)\n[Related OSVDB ID: 17950](https://vulners.com/osvdb/OSVDB:17950)\n[Related OSVDB ID: 17951](https://vulners.com/osvdb/OSVDB:17951)\n[Related OSVDB ID: 17953](https://vulners.com/osvdb/OSVDB:17953)\nKeyword: HPSBUX9812-090\nISS X-Force ID: 7860\n[CVE-1999-1573](https://vulners.com/cve/CVE-1999-1573)\nCIAC Advisory: j-022\nCERT VU: 13217\n", "modified": "1998-12-06T22:21:21", "published": "1998-12-06T22:21:21", "href": "https://vulners.com/osvdb/OSVDB:17947", "id": "OSVDB:17947", "type": "osvdb", "title": "HP-UX remshd Unspecified Privilege Escalation", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://attrition.org/security/advisory/unix/hpalert/hp.00090.r_commands)\n[Related OSVDB ID: 17952](https://vulners.com/osvdb/OSVDB:17952)\n[Related OSVDB ID: 17954](https://vulners.com/osvdb/OSVDB:17954)\n[Related OSVDB ID: 17947](https://vulners.com/osvdb/OSVDB:17947)\n[Related OSVDB ID: 17949](https://vulners.com/osvdb/OSVDB:17949)\n[Related OSVDB ID: 17950](https://vulners.com/osvdb/OSVDB:17950)\n[Related OSVDB ID: 17951](https://vulners.com/osvdb/OSVDB:17951)\n[Related OSVDB ID: 17953](https://vulners.com/osvdb/OSVDB:17953)\nKeyword: HPSBUX9812-090\nISS X-Force ID: 7860\n[CVE-1999-1573](https://vulners.com/cve/CVE-1999-1573)\nCIAC Advisory: j-022\nCERT VU: 13217\n", "modified": "1998-12-06T22:21:21", "published": "1998-12-06T22:21:21", "href": "https://vulners.com/osvdb/OSVDB:17948", "id": "OSVDB:17948", "type": "osvdb", "title": "HP-UX rexecd Unspecified Privilege Escalation", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://attrition.org/security/advisory/unix/hpalert/hp.00090.r_commands)\n[Related OSVDB ID: 17952](https://vulners.com/osvdb/OSVDB:17952)\n[Related OSVDB ID: 17954](https://vulners.com/osvdb/OSVDB:17954)\n[Related OSVDB ID: 17947](https://vulners.com/osvdb/OSVDB:17947)\n[Related OSVDB ID: 17948](https://vulners.com/osvdb/OSVDB:17948)\n[Related OSVDB ID: 17949](https://vulners.com/osvdb/OSVDB:17949)\n[Related OSVDB ID: 17950](https://vulners.com/osvdb/OSVDB:17950)\n[Related OSVDB ID: 17951](https://vulners.com/osvdb/OSVDB:17951)\nKeyword: HPSBUX9812-090\nISS X-Force ID: 7860\n[CVE-1999-1573](https://vulners.com/cve/CVE-1999-1573)\nCIAC Advisory: j-022\nCERT VU: 13217\n", "modified": "1998-12-06T22:21:21", "published": "1998-12-06T22:21:21", "href": "https://vulners.com/osvdb/OSVDB:17953", "id": "OSVDB:17953", "type": "osvdb", "title": "HP-UX rexec Unspecified Privilege Escalation", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://attrition.org/security/advisory/unix/hpalert/hp.00090.r_commands)\n[Related OSVDB ID: 17952](https://vulners.com/osvdb/OSVDB:17952)\n[Related OSVDB ID: 17954](https://vulners.com/osvdb/OSVDB:17954)\n[Related OSVDB ID: 17947](https://vulners.com/osvdb/OSVDB:17947)\n[Related OSVDB ID: 17948](https://vulners.com/osvdb/OSVDB:17948)\n[Related OSVDB ID: 17950](https://vulners.com/osvdb/OSVDB:17950)\n[Related OSVDB ID: 17951](https://vulners.com/osvdb/OSVDB:17951)\n[Related OSVDB ID: 17953](https://vulners.com/osvdb/OSVDB:17953)\nKeyword: HPSBUX9812-090\nISS X-Force ID: 7860\n[CVE-1999-1573](https://vulners.com/cve/CVE-1999-1573)\nCIAC Advisory: j-022\nCERT VU: 13217\n", "modified": "1998-12-06T22:21:21", "published": "1998-12-06T22:21:21", "href": "https://vulners.com/osvdb/OSVDB:17949", "id": "OSVDB:17949", "type": "osvdb", "title": "HP-UX rlogind Unspecified Privilege Escalation", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://attrition.org/security/advisory/unix/hpalert/hp.00090.r_commands)\n[Related OSVDB ID: 17952](https://vulners.com/osvdb/OSVDB:17952)\n[Related OSVDB ID: 17954](https://vulners.com/osvdb/OSVDB:17954)\n[Related OSVDB ID: 17947](https://vulners.com/osvdb/OSVDB:17947)\n[Related OSVDB ID: 17948](https://vulners.com/osvdb/OSVDB:17948)\n[Related OSVDB ID: 17949](https://vulners.com/osvdb/OSVDB:17949)\n[Related OSVDB ID: 17950](https://vulners.com/osvdb/OSVDB:17950)\n[Related OSVDB ID: 17953](https://vulners.com/osvdb/OSVDB:17953)\nKeyword: HPSBUX9812-090\nISS X-Force ID: 7860\n[CVE-1999-1573](https://vulners.com/cve/CVE-1999-1573)\nCIAC Advisory: j-022\nCERT VU: 13217\n", "modified": "1998-12-06T22:21:21", "published": "1998-12-06T22:21:21", "href": "https://vulners.com/osvdb/OSVDB:17951", "id": "OSVDB:17951", "type": "osvdb", "title": "HP-UX remsh Unspecified Privilege Escalation", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-11-01T02:47:22", "bulletinFamily": "scanner", "description": "s700_800 11.00 r-commands cumulative patch : \n\nVarious remote network commands have security defects.", "modified": "2019-11-02T00:00:00", "id": "HPUX_PHNE_16091.NASL", "href": "https://www.tenable.com/plugins/nessus/16689", "published": "2005-02-16T00:00:00", "title": "HP-UX PHNE_16091 : s700_800 11.00 r-commands cumulative patch", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_16091. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16689);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/08/10 18:07:07\");\n\n script_cve_id(\"CVE-1999-1573\");\n script_xref(name:\"HP\", value:\"HPSBUX9812-090\");\n\n script_name(english:\"HP-UX PHNE_16091 : s700_800 11.00 r-commands cumulative patch\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.00 r-commands cumulative patch : \n\nVarious remote network commands have security defects.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_16091 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"1998/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/16\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"1998/12/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.00\"))\n{\n exit(0, \"The host is not affected since PHNE_16091 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_16091\", \"PHNE_17028\", \"PHNE_17030\", \"PHNE_21731\", \"PHNE_23003\", \"PHNE_29463\", \"PHNE_33790\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"InternetSrvcs.INETSVCS-RUN\", version:\"B.11.00\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
