Vulnerabilities > CVE-2002-1604 - Local Buffer Overflow vulnerability in HP Tru64 NLSPATH Environment Variable

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

NVD

Published: 2002-09-02

Updated: 2017-07-11

Summary

Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.

Vulnerable Configurations

Part	Description	Count
OS	Hp HP HP UX 10.20 HP HP UX 11.00 HP HP UX 11.04 HP HP UX 11.11 HP HP UX 11.22 HP Tru64 4.0F HP Tru64 4.0G HP Tru64 5.0A HP Tru64 5.1 HP Tru64 5.1A	10

References

http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_nlspath.txt
http://www.kb.cert.org/vuls/id/158499
http://www.kb.cert.org/vuls/id/416427
http://www.kb.cert.org/vuls/id/437899
http://www.kb.cert.org/vuls/id/448987
http://www.kb.cert.org/vuls/id/531355
http://www.kb.cert.org/vuls/id/567963
http://www.kb.cert.org/vuls/id/584243
http://www.kb.cert.org/vuls/id/592515
http://www.kb.cert.org/vuls/id/846307
http://www.securityfocus.com/archive/1/290115
http://www.securityfocus.com/bid/5647
https://exchange.xforce.ibmcloud.com/vulnerabilities/10016