{"type": "osvdb", "published": "2006-01-10T07:14:13", "href": "https://vulners.com/osvdb/OSVDB:22483", "bulletinFamily": "software", "cvss": {"vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 7.2}, "viewCount": 1, "edition": 1, "reporter": "OSVDB", "title": "UNICOS /usr/bin/script Command Line Argument Local Overflow", "affectedSoftware": [], "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2017-04-28T13:20:19", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-0177"]}, {"type": "exploitdb", "idList": ["EDB-ID:27065", "EDB-ID:27066"]}, {"type": "osvdb", "idList": ["OSVDB:22484"]}], "modified": "2017-04-28T13:20:19", "rev": 2}, "vulnersScore": 6.4}, "references": [], "id": "OSVDB:22483", "lastseen": "2017-04-28T13:20:19", "cvelist": ["CVE-2006-0177"], "modified": "2006-01-10T07:14:13", "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 22484](https://vulners.com/osvdb/OSVDB:22484)\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0343.html\n[CVE-2006-0177](https://vulners.com/cve/CVE-2006-0177)\nBugtraq ID: 16205\n", "immutableFields": []}

{"cve": [{"lastseen": "2021-02-02T05:27:17", "description": "Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local users to gain privileges by (1) invoking /usr/bin/script with a long command line argument or (2) setting the -c option of /etc/nu to the name of a file containing a long line.", "edition": 4, "cvss3": {}, "published": "2006-01-11T21:03:00", "title": "CVE-2006-0177", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0177"], "modified": "2017-07-20T01:29:00", "cpe": ["cpe:/o:cray:unicos:9.0.2.2"], "id": "CVE-2006-0177", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0177", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cray:unicos:9.0.2.2:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:19", "bulletinFamily": "software", "cvelist": ["CVE-2006-0177"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 22483](https://vulners.com/osvdb/OSVDB:22483)\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0343.html\n[CVE-2006-0177](https://vulners.com/cve/CVE-2006-0177)\nBugtraq ID: 16205\n", "modified": "2006-01-10T07:14:13", "published": "2006-01-10T07:14:13", "href": "https://vulners.com/osvdb/OSVDB:22484", "id": "OSVDB:22484", "type": "osvdb", "title": "UNICOS /etc/nu -c Option Filename Processing Local Overflow", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-03T05:02:17", "description": "Cray UNICOS /usr/bin/script Command Line Argument Local Overflow. CVE-2006-0177. Local exploit for linux platform", "published": "2006-01-10T00:00:00", "type": "exploitdb", "title": "Cray UNICOS /usr/bin/script Command Line Argument Local Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-0177"], "modified": "2006-01-10T00:00:00", "id": "EDB-ID:27065", "href": "https://www.exploit-db.com/exploits/27065/", "sourceData": "source: http://www.securityfocus.com/bid/16205/info\r\n\r\nCray UNICOS is prone to locally exploitable buffer overflow vulnerabilities. These issues are due to insufficient bounds checking of command line parameters in various utilities with setuid-superuser privileges.\r\n\r\nSuccessful exploitation could result in execution of malicious machine code with superuser privileges, facilitating the complete compromise of affected computers.\r\n\r\nThese issues are reported in version 9.0.2.2 of UNICOS; other versions may also be affected. \r\n\r\nfor '/usr/bin/script':\r\nscript `perl -e 'print \"A\"x1000'`\r\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/27065/"}, {"lastseen": "2016-02-03T05:02:24", "description": "Cray UNICOS /etc/nu -c Option Filename Processing Local Overflow. CVE-2006-0177. Local exploit for linux platform", "published": "2006-01-10T00:00:00", "type": "exploitdb", "title": "Cray UNICOS /etc/nu -c Option Filename Processing Local Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-0177"], "modified": "2006-01-10T00:00:00", "id": "EDB-ID:27066", "href": "https://www.exploit-db.com/exploits/27066/", "sourceData": "source: http://www.securityfocus.com/bid/16205/info\r\n \r\nCray UNICOS is prone to locally exploitable buffer overflow vulnerabilities. These issues are due to insufficient bounds checking of command line parameters in various utilities with setuid-superuser privileges.\r\n \r\nSuccessful exploitation could result in execution of malicious machine code with superuser privileges, facilitating the complete compromise of affected computers.\r\n \r\nThese issues are reported in version 9.0.2.2 of UNICOS; other versions may also be affected. \r\n\r\nfor '/etc/nu':\r\necho \"\" >> /tmp/acid\r\nudbgen -p /tmp\r\necho `perl -e 'print \"A\"x10000'` >> /tmp/script\r\n/etc/nu -p /tmp -c /tmp/script -a ", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/27066/"}]}