Lucene search

MitreCVE-2002-1604

HistoryMar 25, 2005 - 5:00 a.m.

CVE-2002-1604

2005-03-2505:00:00

mitre

web.nvd.nist.gov

cve-2002-1604

buffer overflow

hp tru64 unix

code execution

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.1

Confidence

Low

EPSS

0.04

Percentile

92.1%

JSON

Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.

Affected configurations

Nvd

Node

hphp-uxMatch10.20

hphp-uxMatch11.00

hphp-uxMatch11.04

hphp-uxMatch11.11

hphp-uxMatch11.22

hptru64Match4.0f

hptru64Match4.0g

hptru64Match5.0a

hptru64Match5.1

hptru64Match5.1a

VendorProductVersionCPE
hphp-ux10.20cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*
hphp-ux11.00cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
hphp-ux11.04cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*
hphp-ux11.11cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
hphp-ux11.22cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*
hptru644.0fcpe:2.3:o:hp:tru64:4.0f:*:*:*:*:*:*:*
hptru644.0gcpe:2.3:o:hp:tru64:4.0g:*:*:*:*:*:*:*
hptru645.0acpe:2.3:o:hp:tru64:5.0a:*:*:*:*:*:*:*
hptru645.1cpe:2.3:o:hp:tru64:5.1:*:*:*:*:*:*:*
hptru645.1acpe:2.3:o:hp:tru64:5.1a:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hp	hp-ux	10.20	cpe:2.3:o:hp:hp-ux:10.20:::::::*
hp	hp-ux	11.00	cpe:2.3:o:hp:hp-ux:11.00:::::::*
hp	hp-ux	11.04	cpe:2.3:o:hp:hp-ux:11.04:::::::*
hp	hp-ux	11.11	cpe:2.3:o:hp:hp-ux:11.11:::::::*
hp	hp-ux	11.22	cpe:2.3:o:hp:hp-ux:11.22:::::::*
hp	tru64	4.0f	cpe:2.3:o:hp:tru64:4.0f:::::::*
hp	tru64	4.0g	cpe:2.3:o:hp:tru64:4.0g:::::::*
hp	tru64	5.0a	cpe:2.3:o:hp:tru64:5.0a:::::::*
hp	tru64	5.1	cpe:2.3:o:hp:tru64:5.1:::::::*
hp	tru64	5.1a	cpe:2.3:o:hp:tru64:5.1a:::::::*

References

archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html

wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11

www.blacksheepnetworks.com/security/hack/tru64/TRU64_nlspath.txt

www.kb.cert.org/vuls/id/158499

www.kb.cert.org/vuls/id/416427

www.kb.cert.org/vuls/id/437899

www.kb.cert.org/vuls/id/448987

www.kb.cert.org/vuls/id/531355

www.kb.cert.org/vuls/id/567963

www.kb.cert.org/vuls/id/584243

www.kb.cert.org/vuls/id/592515

www.kb.cert.org/vuls/id/846307

www.securityfocus.com/archive/1/290115

www.securityfocus.com/bid/5647

exchange.xforce.ibmcloud.com/vulnerabilities/10016

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.1

Confidence

Low

EPSS

0.04

Percentile

92.1%

JSON

Related for CVE-2002-1604