Vulnerabilities > CVE-2003-0333 - Privilege Escalation vulnerability in HP-UX Kermit

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

NVD

Published: 2003-05-19

Updated: 2017-07-11

Summary

Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit 6.0.192 and possibly other versions before 8.0) allow local users to gain privileges via long arguments to (1) ask, (2) askq, (3) define, (4) assign, and (5) getc, some of which may share the same underlying function "doask," a different vulnerability than CVE-2001-0085.

Vulnerable Configurations

Part	Description	Count
OS	Hp HP HP UX 10.20 HP HP UX 11.00	2

References

http://archives.neohapsis.com/archives/hp/current/0044.html
http://marc.info/?l=bugtraq&m=105189670912220&w=2
http://marc.info/?l=bugtraq&m=105190667523456&w=2
http://www.kb.cert.org/vuls/id/971364
http://www.securityfocus.com/bid/7627
https://exchange.xforce.ibmcloud.com/vulnerabilities/11929