{"title": "Multiple Vendor vacation Arbitrary Command Execution", "published": "1997-09-01T00:00:00", "references": [], "type": "osvdb", "enchantments": {"score": {"value": 7.1, "vector": "NONE", "modified": "2017-04-28T13:19:55", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-1999-0057"]}, {"type": "nessus", "idList": ["HPUX_PHNE_16295.NASL"]}], "modified": "2017-04-28T13:19:55", "rev": 2}, "vulnersScore": 7.1}, "cvelist": ["CVE-1999-0057"], "viewCount": 0, "affectedSoftware": [], "id": "OSVDB:1108", "modified": "1997-09-01T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:1108", "edition": 1, "description": "# No description provided by the source\n\n## References:\nOther Advisory URL: http://attrition.org/security/advisory/nai/SNI-18.VACATION.advisory\nISS X-Force ID: 569\n[CVE-1999-0057](https://vulners.com/cve/CVE-1999-0057)\nCIAC Advisory: i-032\nBugtraq ID: 710\n", "bulletinFamily": "software", "reporter": "OSVDB", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "lastseen": "2017-04-28T13:19:55"}

{"cve": [{"lastseen": "2021-02-02T05:19:00", "description": "Vacation program allows command execution by remote users through a sendmail command.", "edition": 4, "cvss3": {}, "published": "1998-11-16T05:00:00", "title": "CVE-1999-0057", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-1999-0057"], "modified": "2008-09-09T12:33:00", "cpe": ["cpe:/o:hp:hp-ux:10.00", "cpe:/o:sun:solaris:*", "cpe:/o:hp:hp-ux:10.24", "cpe:/o:freebsd:freebsd:6.2", "cpe:/o:hp:hp-ux:10.09", "cpe:/a:eric_allman:vacation:*", "cpe:/o:ibm:aix:*", "cpe:/o:hp:vvos:*", "cpe:/o:hp:hp-ux:9", "cpe:/o:sun:sunos:*"], "id": "CVE-1999-0057", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0057", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:sun:sunos:*:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:6.2:stable:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:10.09:*:*:*:*:*:*:*", "cpe:2.3:o:hp:vvos:*:*:*:*:*:*:*:*", "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:9:*:*:*:*:*:*:*", "cpe:2.3:a:eric_allman:vacation:*:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:10.00:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-12T11:32:04", "description": "s700_800 11.00 vacation patch. : \n\nThe vacation program erroneously passes parameters to sendmail.", "edition": 21, "published": "2005-02-16T00:00:00", "title": "HP-UX PHNE_16295 : s700_800 11.00 vacation patch.", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-1999-0057"], "modified": "2005-02-16T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHNE_16295.NASL", "href": "https://www.tenable.com/plugins/nessus/16657", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_16295. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(16657);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-1999-0057\");\n script_xref(name:\"HP\", value:\"HPSBUX9811-087\");\n\n script_name(english:\"HP-UX PHNE_16295 : s700_800 11.00 vacation patch.\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.00 vacation patch. : \n\nThe vacation program erroneously passes parameters to sendmail.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_16295 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"1998/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.00\"))\n{\n exit(0, \"The host is not affected since PHNE_16295 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_16295\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"MailUtilities.MAILERS\", version:\"B.11.00\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}