Vulnerabilities > CVE-2003-1362 - Configuration vulnerability in HP Bastille B.02.00.05

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

NONE

Availability impact

NONE

network

low complexity

CWE-16

NVD

Published: 2003-12-31

Updated: 2017-07-29

Summary

Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases.

Vulnerable Configurations

Part	Description	Count
Application	Hp HP Bastille B.02.00.05	1
OS	Hp HP HP UX 11.00 HP HP UX 11.11	2

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

References

http://archives.neohapsis.com/archives/hp/2003-q1/0033.html
http://www.securityfocus.com/bid/6878
https://exchange.xforce.ibmcloud.com/vulnerabilities/11366