11.4

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

exploit available

NVD

Published: 2006-10-27

Updated: 2017-10-19

Summary

Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.

Vulnerable Configurations

Part	Description	Count
OS	Hp HP HP UX 11.00 HP HP UX 11.4 HP HP UX 11.11	3

Exploit-Db

description	HP-UX 11i (swmodify) Stack Overflow Local Root Exploit. CVE-2006-5557. Local exploit for hp-ux platform
file	exploits/hp-ux/local/2634.c
id	EDB-ID:2634
last seen	2016-01-31
modified	2006-10-24
platform	hp-ux
port
published	2006-10-24
reporter	prdelka
source	https://www.exploit-db.com/download/2634/
title	HP-UX 11i swmodify Stack Overflow Local Root Exploit
type	local

description	HP-UX 11i (swpackage) Stack Overflow Local Root Exploit. CVE-2006-5557. Local exploit for hp-ux platform
file	exploits/hp-ux/local/2633.c
id	EDB-ID:2633
last seen	2016-01-31
modified	2006-10-24
platform	hp-ux
port
published	2006-10-24
reporter	prdelka
source	https://www.exploit-db.com/download/2633/
title	HP-UX 11i swpackage Stack Overflow Local Root Exploit
type	local

Oval

accepted

2014-03-24T04:01:39.521-04:00

class

vulnerability

contributors

name Michael Wood
organization Hewlett-Packard
name Sushant Kumar Singh
organization Hewlett-Packard
name Sushant Kumar Singh
organization Hewlett-Packard

description

family

unix

oval:org.mitre.oval:def:5035

status

accepted

submitted

2008-07-08T17:01:37.000-04:00

title

HP-UX Running Software Distributor Local Elevation of Privilege

version

Summary

Vulnerable Configurations

Exploit-Db

Oval

References