Vulnerabilities > CVE-2003-1097 - Remote Username Flag Local Buffer Overrun vulnerability in HP-UX RExec

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

exploit available

NVD

Published: 2003-12-31

Updated: 2017-10-11

Summary

Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when setuid root, may allow local users to gain privileges via a long -l option.

Vulnerable Configurations

Part	Description	Count
OS	Hp HP HP UX 10.10 HP HP UX 10.16 HP HP UX 10.20 HP HP UX 10.24 HP HP UX 10.26 HP HP UX 10.30 HP HP UX 10.34 HP HP UX 11.00 HP HP UX 11.04 HP HP UX 11.11 HP HP UX 11.20 HP HP UX 11.22	12

Exploit-Db

description	HP-UX 10.x/11.x RExec Remote Username Flag Local Buffer Overrun Vulnerability. CVE-2003-1097. Dos exploit for hp-ux platform
id	EDB-ID:22552
last seen	2016-02-02
modified	2003-04-29
published	2003-04-29
reporter	Davide Del Vecchio
source	https://www.exploit-db.com/download/22552/
title	HP-UX 10.x/11.x RExec Remote Username Flag Local Buffer Overrun Vulnerability

Oval

accepted

2008-08-25T04:00:20.623-04:00

class

vulnerability

contributors

name	Michael Wood
organization	Hewlett-Packard

description

Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when setuid root, may allow local users to gain privileges via a long -l option.

family

unix

oval:org.mitre.oval:def:5611

status

accepted

submitted

2008-07-10T16:22:36.000-04:00

title

Potential buffer overflow in rexec(1)

version

Summary

Vulnerable Configurations

Exploit-Db

Oval

References