High

CVE-2002-1618 - Unspecified vulnerability in HP JFS/-UX

Publication: 2002-10-16

Summary

JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not properly implement the sticky bit functionality, which could allow attackers to bypass intended restrictions on filesystems.

Risk level (CVSS 7.2)

High

7.2

Access Vector

Network
Adjacent Network
Local

Access Complexity

Low
Medium
High

Authentication

None
Single
Multiple

Confident. Impact

Complete
Partial
None

Integrity Impact

Complete
Partial
None

Affected Products

HP JFS 3.1
HP HP-UX 10.20
HP HP-UX 11.00
HP HP-UX 11.04

References

http://www.kb.cert.org/vuls/id/248337
http://www.securityfocus.com/advisories/4569
http://www.securityfocus.com/bid/5979
https://exchange.xforce.ibmcloud.com/vulnerabilities/10399