Vulnerabilities > CVE-2000-0078 - Unspecified vulnerability in HP Hp-Ux 10/11

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

NVD

Published: 2000-01-02

Updated: 2018-05-03

Summary

The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command.

Vulnerable Configurations

Part	Description	Count
OS	Hp HP HP UX 10 HP HP UX 11	2

Oval

accepted

2008-08-25T04:00:30.491-04:00

class

vulnerability

contributors

name	Michael Wood
organization	Hewlett-Packard

description

The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command.

family

unix

oval:org.mitre.oval:def:5728

status

accepted

submitted

2008-07-11T14:41:52.000-04:00

title

/opt/audio/bin/Aserver can be used to gain root access.

version

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5728