Vulnerabilities > CVE-2000-0077 - Unspecified vulnerability in HP Hp-Ux 10/11

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

exploit available

NVD

Published: 2000-01-02

Updated: 2018-05-03

Summary

The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands.

Vulnerable Configurations

Part	Description	Count
OS	Hp HP HP UX 10 HP HP UX 11	2

Exploit-Db

description	HP-UX 10.x/11.x Aserver PATH Vulnerability. CVE-2000-0077. Local exploit for hp-ux platform
id	EDB-ID:20396
last seen	2016-02-02
modified	1998-10-18
published	1998-10-18
reporter	Loneguard
source	https://www.exploit-db.com/download/20396/
title	HP-UX 10.x/11.x Aserver PATH Vulnerability

Oval

accepted

2008-08-25T04:00:16.902-04:00

class

vulnerability

contributors

name	Michael Wood
organization	Hewlett-Packard

description

The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands.

family

unix

oval:org.mitre.oval:def:5549

status

accepted

submitted

2008-07-11T14:41:52.000-04:00

title

/opt/audio/bin/Aserver can be used to gain root access.

version

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5549