Hp-Ux Security Vulnerabilities - November

CVE-1999-0022

Local user gains root privileges via buffer overflow in rdist, via expstr() function.

CVE-1999-0038

Buffer overflow in xlock program allows local users to execute commands as root.

CVE-1999-0307

Buffer overflow in HP-UX cstm program allows local users to gain root privileges.

CVE-1999-0353

rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory.

CVE-1999-0432

ftp on HP-UX 11.00 allows local users to gain privileges.

CVE-1999-0435

MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain privileges through SAM.

CVE-1999-0436

Domain Enterprise Server Management System (DESMS) in HP-UX allows local users to gain privileges.

CVE-1999-0479

Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems.

CVE-1999-0686

Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL.

CVE-1999-0688

Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x.

CVE-1999-0690

HP CDE program includes the current directory in root's PATH variable.

CVE-1999-0693

Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.

CVE-1999-0696

Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).

CVE-1999-0707

The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization.

CVE-1999-1247

Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x allows attackers to gain root privileges.

CVE-1999-1573

Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files.

CVE-2000-0005

HP-UX aserver program allows local users to gain privileges via a symlink attack.

CVE-2000-0077

The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands.

CVE-2000-0078

The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command.

CVE-2000-0083

HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges.

CVE-2000-0095

The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determining the optimum MTU generates large amounts of traffic in response to small packets, allowing remote attackers to cause the system to be used as a packet amplifier.

CVE-2000-0159

HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges.

CVE-2000-0251

HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses.

CVE-2000-0414

Vulnerability in shutdown command for HP-UX 11.X and 10.X allows allows local users to gain privileges via malformed input variables.

CVE-2000-0468

man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack.

CVE-2000-0515

The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges.

CVE-2000-0573

The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.

CVE-2000-0699

Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command.

CVE-2000-0702

The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file.

CVE-2000-0730

Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges.

CVE-2000-0801

Buffer overflow in bdf program in HP-UX 11.00 may allow local users to gain root privileges via a long -t option.

CVE-2000-0966

Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of HP-UX 11.0 and earlier allows local users to gain privileges.

CVE-2000-0972

HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.

CVE-2000-1028

Buffer overflow in cu program in HP-UX 11.0 may allow local users to gain privileges via a long -l command line argument.

CVE-2000-1031

Buffer overflow in dtterm in HP-UX 11.0 and HP Tru64 UNIX 4.0f through 5.1a allows local users to execute arbitrary code via a long -tn option.

CVE-2000-1126

Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier allows remote attackers to execute arbitrary commands or cause a denial of service.

CVE-2000-1127

registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world readable.

CVE-2000-1134

Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.

CVE-2001-0085

Buffer overflow in Kermit communications software in HP-UX 11.0 and earlier allows local users to cause a denial of service and possibly execute arbitrary commands.

CVE-2001-0105

Vulnerability in top in HP-UX 11.04 and earlier allows local users to overwrite files owned by the "sys" group.

CVE-2001-0106

Vulnerability in inetd server in HP-UX 11.04 and earlier allows attackers to cause a denial of service when the "swait" state is used by a server.

CVE-2001-0219

Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service.

CVE-2001-0248

Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings.

CVE-2001-0249

Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.

CVE-2001-0266

Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier allows local users to gain privileges.

CVE-2001-0311

Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client.

CVE-2001-0379

Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights.

CVE-2001-0488

pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause a denial of service.

CVE-2001-0551

Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users to execute arbitrary code by copying text from the clipboard into the Help window.

CVE-2001-0607

asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program, a different vulnerability than CVE-2000-0083.