Vulnerabilities > CVE-2006-5452 - Unspecified vulnerability in HP Hp-Ux and Tru64
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN hp
nessus
Summary
Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbitrary code via a long -a (aka attachment) argument.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 17 |
Nessus
NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_35434.NASL description s700_800 11.11 CDE Applications Patch : A potential security vulnerability has been identified with HP-UX running dtmail. The vulnerability could be exploited by a local, authorized user to execute arbitrary code as a member of the last seen 2020-06-01 modified 2020-06-02 plugin id 22919 published 2006-10-25 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22919 title HP-UX PHSS_35434 : HP-UX Running dtmail, Local Execution of Arbitrary Code (HPSBUX02162 SSRT061223 rev.1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHSS_35434. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(22919); script_version("1.12"); script_cvs_date("Date: 2018/08/10 18:07:07"); script_cve_id("CVE-2006-5452"); script_xref(name:"HP", value:"emr_na-c00793091"); script_xref(name:"HP", value:"HPSBUX02162"); script_xref(name:"HP", value:"SSRT061223"); script_name(english:"HP-UX PHSS_35434 : HP-UX Running dtmail, Local Execution of Arbitrary Code (HPSBUX02162 SSRT061223 rev.1)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.11 CDE Applications Patch : A potential security vulnerability has been identified with HP-UX running dtmail. The vulnerability could be exploited by a local, authorized user to execute arbitrary code as a member of the 'mail' group. References: NETRAGARD-20060810." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00793091 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f511d9dd" ); script_set_attribute( attribute:"solution", value:"Install patch PHSS_35434 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2006/10/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/25"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/10/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.11")) { exit(0, "The host is not affected since PHSS_35434 applies to a different OS release."); } patches = make_list("PHSS_35434", "PHSS_36407"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"CDE.CDE-ENG-A-HELP", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-ENG-A-MAN", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-FONTS", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-FRE-I-HELP", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-GER-I-HELP", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-HELP-RUN", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-ITA-I-HELP", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-JPN-E-HELP", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-JPN-S-HELP", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-KOR-E-HELP", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-LANGS", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-RUN", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-SCH-H-HELP", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-SPA-I-HELP", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-SWE-I-HELP", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-TCH-B-HELP", version:"B.11.11")) flag++; if (hpux_check_patch(app:"CDE.CDE-TCH-E-HELP", version:"B.11.11")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_35433.NASL description s700_800 11.00 CDE Runtime Patch : A potential security vulnerability has been identified with HP-UX running dtmail. The vulnerability could be exploited by a local, authorized user to execute arbitrary code as a member of the last seen 2020-06-01 modified 2020-06-02 plugin id 22916 published 2006-10-25 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22916 title HP-UX PHSS_35433 : HP-UX Running dtmail, Local Execution of Arbitrary Code (HPSBUX02162 SSRT061223 rev.1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHSS_35433. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(22916); script_version("1.12"); script_cvs_date("Date: 2018/08/10 18:07:07"); script_cve_id("CVE-2006-5452"); script_xref(name:"HP", value:"emr_na-c00793091"); script_xref(name:"HP", value:"HPSBUX02162"); script_xref(name:"HP", value:"SSRT061223"); script_name(english:"HP-UX PHSS_35433 : HP-UX Running dtmail, Local Execution of Arbitrary Code (HPSBUX02162 SSRT061223 rev.1)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.00 CDE Runtime Patch : A potential security vulnerability has been identified with HP-UX running dtmail. The vulnerability could be exploited by a local, authorized user to execute arbitrary code as a member of the 'mail' group. References: NETRAGARD-20060810." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00793091 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f511d9dd" ); script_set_attribute( attribute:"solution", value:"Install patch PHSS_35433 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2006/10/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/25"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/10/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.00")) { exit(0, "The host is not affected since PHSS_35433 applies to a different OS release."); } patches = make_list("PHSS_35433"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"CDE.CDE-DTTERM", version:"B.11.00")) flag++; if (hpux_check_patch(app:"CDE.CDE-ENG-A-HELP", version:"B.11.00")) flag++; if (hpux_check_patch(app:"CDE.CDE-ENG-A-MAN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"CDE.CDE-ENG-A-MSG", version:"B.11.00")) flag++; if (hpux_check_patch(app:"CDE.CDE-FONTS", version:"B.11.00")) flag++; if (hpux_check_patch(app:"CDE.CDE-HELP-RUN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"CDE.CDE-MIN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"CDE.CDE-RUN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"CDE.CDE-SHLIBS", version:"B.11.00")) flag++; if (hpux_check_patch(app:"CDE.CDE-TT", version:"B.11.00")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_35435.NASL description s700_800 11.23 CDE Applications Patch : A potential security vulnerability has been identified with HP-UX running dtmail. The vulnerability could be exploited by a local, authorized user to execute arbitrary code as a member of the last seen 2020-06-01 modified 2020-06-02 plugin id 22917 published 2006-10-25 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22917 title HP-UX PHSS_35435 : HP-UX Running dtmail, Local Execution of Arbitrary Code (HPSBUX02162 SSRT061223 rev.1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHSS_35435. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(22917); script_version("1.15"); script_cvs_date("Date: 2018/08/10 18:07:07"); script_cve_id("CVE-2006-5452"); script_xref(name:"HP", value:"emr_na-c00793091"); script_xref(name:"HP", value:"HPSBUX02162"); script_xref(name:"HP", value:"SSRT061223"); script_name(english:"HP-UX PHSS_35435 : HP-UX Running dtmail, Local Execution of Arbitrary Code (HPSBUX02162 SSRT061223 rev.1)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.23 CDE Applications Patch : A potential security vulnerability has been identified with HP-UX running dtmail. The vulnerability could be exploited by a local, authorized user to execute arbitrary code as a member of the 'mail' group. References: NETRAGARD-20060810." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00793091 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f511d9dd" ); script_set_attribute( attribute:"solution", value:"Install patch PHSS_35435 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2006/10/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/25"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/10/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.23")) { exit(0, "The host is not affected since PHSS_35435 applies to a different OS release."); } patches = make_list("PHSS_35435", "PHSS_35885", "PHSS_39135", "PHSS_39408", "PHSS_41174"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"CDE.CDE-ENG-A-MAN", version:"B.11.23")) flag++; if (hpux_check_patch(app:"CDE.CDE-LANGS", version:"B.11.23")) flag++; if (hpux_check_patch(app:"CDE.CDE-RUN", version:"B.11.23")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Oval
| accepted | 2014-03-24T04:01:39.978-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| description | Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbitrary code via a long -a (aka attachment) argument. | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:5175 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2008-07-03T16:09:05.000-04:00 | ||||||||||||
| title | HP-UX Running dtmail, Local Execution of Arbitrary Code | ||||||||||||
| version | 41 |
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00793091
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00793091
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00793091
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00793091
- http://secunia.com/advisories/22451
- http://secunia.com/advisories/22451
- http://secunia.com/advisories/22528
- http://secunia.com/advisories/22528
- http://securitytracker.com/id?1017083
- http://securitytracker.com/id?1017083
- http://securitytracker.com/id?1017098
- http://securitytracker.com/id?1017098
- http://securitytracker.com/id?1017099
- http://securitytracker.com/id?1017099
- http://www.netragard.com/pdfs/research/HP-TRU64-DTMAIL-20060810.txt
- http://www.netragard.com/pdfs/research/HP-TRU64-DTMAIL-20060810.txt
- http://www.securityfocus.com/archive/1/449321/100/0/threaded
- http://www.securityfocus.com/archive/1/449321/100/0/threaded
- http://www.securityfocus.com/bid/20580
- http://www.securityfocus.com/bid/20580
- http://www.vupen.com/english/advisories/2006/4139
- http://www.vupen.com/english/advisories/2006/4139
- http://www.vupen.com/english/advisories/2006/4140
- http://www.vupen.com/english/advisories/2006/4140
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29644
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29644
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5175
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5175