Vulnerabilities > CVE-2003-0089 - Local Buffer Overrun vulnerability in HP-UX Software Distributor Lang Environment Variable

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

exploit available

NVD

Published: 2003-12-15

Updated: 2017-10-11

Summary

Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long LANG environment variable to setuid programs such as (1) swinstall and (2) swmodify.

Vulnerable Configurations

Part	Description	Count
OS	Hp HP HP UX 11.00 HP HP UX 11.11	2

Exploit-Db

description	HP-UX 11 Software Distributor Lang Environment Variable Local Buffer Overrun Vulnerability. CVE-2003-0089. Local exploit for hp-ux platform
id	EDB-ID:23343
last seen	2016-02-02
modified	2002-12-11
published	2002-12-11
reporter	watercloud
source	https://www.exploit-db.com/download/23343/
title	HP-UX 11 Software Distributor Lang Environment Variable Local Buffer Overrun Vulnerability

Oval

accepted

2014-03-24T04:01:41.068-04:00

class

vulnerability

contributors

name Michael Wood
organization Hewlett-Packard
name Sushant Kumar Singh
organization Hewlett-Packard

description

family

unix

oval:org.mitre.oval:def:5466

status

accepted

submitted

2008-07-09T16:48:33.000-04:00

title

HP-UX Running Software Distributor (SD), Local Increased Privileges.

version

Summary

Vulnerable Configurations

Exploit-Db

Oval

References