Vulnerabilities > CVE-2001-1564 - Unspecified vulnerability in HP Hp-Ux

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

local

low complexity

NVD

Published: 2001-12-31

Updated: 2017-10-12

Summary

setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after setuid or setgid privileges are dropped, which could allow local users to cause a denial of service by exhausting available disk space.

Vulnerable Configurations

Part	Description	Count
OS	Hp HP HP UX 10.01 HP HP UX 10.10 HP HP UX 10.20 HP HP UX 10.24 HP HP UX 11.00 HP HP UX 11.04 HP HP UX 11.11	7

Oval

accepted

2014-03-24T04:01:39.887-04:00

class

vulnerability

contributors

name Michael Wood
organization Hewlett-Packard
name Michael Wood
organization Hewlett-Packard
name Sushant Kumar Singh
organization Hewlett-Packard

description

setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after setuid or setgid privileges are dropeed, which could allow local users to cause a denial of service by exhausting available disk space.

family

unix

oval:org.mitre.oval:def:5159

status

accepted

submitted

2008-07-09T16:48:34.000-04:00

title

HP-UX Running setrlimit(1M), Denial of Service (DoS)

version

Summary

Vulnerable Configurations

Oval

References