Vulnerabilities > CVE-2003-1099
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 3 |
Oval
| accepted | 2014-03-24T04:01:47.375-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| description | shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:5788 | ||||||||
| status | accepted | ||||||||
| submitted | 2008-07-08T17:01:38.000-04:00 | ||||||||
| title | HP-UX Running shar(1), Local Execution of Arbitrary Code | ||||||||
| version | 39 |
References
- http://secunia.com/advisories/10339
- http://www.ciac.org/ciac/bulletins/o-032.shtml
- http://www.kb.cert.org/vuls/id/509454
- http://www.kb.cert.org/vuls/id/CRDY-5VFQA3
- http://www.securityfocus.com/bid/9141
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13882
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5788