This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Hp
Product: Hp-Ux
Version: 10.20
Type: Os
First view: 1996-09-01
Last view: 2005-10-21
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *

CPE Product: cpe:2.3:o:hp:hp-ux

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
10 2005-10-21 CVE-2005-3277

The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different vulnerability than CVE-2002-1473.

7.5 2004-12-31 CVE-2004-1332

Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.

7.2 2003-12-31 CVE-2003-1375

Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument.

7.2 2003-12-31 CVE-2003-1360

Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users to execute arbitrary code via a long TERM environment variable.

7.2 2003-12-31 CVE-2003-1359

Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument.

7.2 2003-12-31 CVE-2003-1358

rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program.

7.2 2003-12-31 CVE-2003-1356

The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain access or cause a denial of service via unknown vectors.

7.2 2003-12-31 CVE-2003-1097

Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when setuid root, may allow local users to gain privileges via a long -l option.

7.2 2003-05-19 CVE-2003-0333

Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit 6.0.192 and possibly other versions before 8.0) allow local users to gain privileges via long arguments to (1) ask, (2) askq, (3) define, (4) assign, and (5) getc, some of which may share the same underlying function "doask," a different vulnerability than CVE-2001-0085.

10 2003-05-05 CVE-2003-0201

Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.

10 2003-05-05 CVE-2003-0196

Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.

4.6 2003-04-22 CVE-2002-1473

Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.

10 2003-04-02 CVE-2003-0161

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

7.5 2003-03-25 CVE-2003-0028

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

10 2003-03-07 CVE-2002-1337

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

7.5 2003-03-03 CVE-2003-0064

The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

3.6 2002-12-31 CVE-2002-2270

Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and 11.0 allows local users to view "normally invisible data" via unknown attack vectors.

5 2002-12-31 CVE-2002-2262

Unspecified vulnerability in xntpd of HP-UX 10.20 through 11.11 allows remote attackers to cause a denial of service (hang) via unknown attack vectors.

7.5 2002-12-11 CVE-2002-1317

Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.

7.2 2002-10-16 CVE-2002-1618

JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not properly implement the sticky bit functionality, which could allow attackers to bypass intended restrictions on filesystems.

7.2 2002-09-13 CVE-2002-1615

Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to execute arbitrary code via (1) msgchk or (2) .upd..loader.

7.2 2002-09-13 CVE-2002-1612

Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.

7.2 2002-09-10 CVE-2002-1613

Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.

7.2 2002-09-09 CVE-2002-1614

Buffer overflow in HP Tru64 UNIX allows local users to execute arbitrary code via a long argument to /usr/bin/at.

10 2002-09-05 CVE-2002-0679

Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.

CWE : Common Weakness Enumeration

% id Name
42% (3) CWE-264 Permissions, Privileges, and Access Controls
42% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14% (1) CWE-200 Information Exposure

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-27 Leveraging Race Conditions via Symbolic Links
CAPEC-42 MIME Conversion
CAPEC-44 Overflow Binary Resource File
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-67 String Format Overflow in syslog()
CAPEC-92 Forced Integer Overflow
CAPEC-100 Overflow Buffers
CAPEC-123 Buffer Attacks

SAINT Exploits

Description
SSH password weakness
Samba call_trans2open buffer overflow
System V login argument array buffer overflow
HP OpenView OmniBack directory traversal

Open Source Vulnerability Database (OSVDB)

id Description
60454 dtterm Window Title Escape Sequence Arbitrary Command Execution
60341 HP-UX landiag setupterm Function TERM Environment Variable Local Overflow
60340 HP-UX lanadmin setupterm Function TERM Environment Variable Local Overflow
60337 HP-UX sort File Handling Unspecified Issue
60336 HP-UX rs.F300 PATH Environment Variable Subversion Local Privilege Escalation
60333 HP-UX wall File Argument Handling Local Overflow
60142 HP-UX xntpd Unspecified Remote DoS
56382 Centreon Nagios Virtual Appliance Default Account
43410 HP-UX ied Command Unspecified Local Information Disclosure
21592 HP-UX lpd Shell Metacharacter Remote Command Execution
20372 HP-UX setrlimit Crafted Core File Disk Space Exhaustion DoS
19179 HP-UX passwd LANG Variable Local Overflow
18202 HP Tru64 UNIX .upd..loader Local Overflow
18201 HP Tru64 UNIX msgchk Local Overflow
18200 HP Tru64 UNIX /usr/bin/at Local Overflow
18199 HP Tru64 UNIX binmail Local Overflow
18198 HP Tru64 UNIX ping Unspecified Local DoS
18197 HP Tru64 UNIX quot Local Overflow
18196 HP Tru64 UNIX mailcv Local Overflow
18195 HP Tru64 UNIX ps Local Overflow
18194 HP Tru64 UNIX ypmatch Local Overflow
18193 HP Tru64 UNIX traceroute Local Overflow
18192 HP Tru64 UNIX lprm Unspecified Local Overflow
18191 HP Tru64 UNIX lpr Unspecified Local Overflow
18190 HP Tru64 UNIX lpq Unspecified Local Overflow

ExploitDB Exploits

id Description
21180 Solaris/SPARC 2.5.1/2.6/7/8 Derived 'login' Buffer Overflow Vulnerability
716 Solaris 2.5.1/2.6/7/8 rlogin /bin/login - Buffer Overflow Exploit (SPARC)

OpenVAS Exploits

Date Description
2011-09-27 Name : CDE ToolTalk RPC Database Server Multiple Vulnerabilities
File : nvt/secpod_tooltalk_rpc_database_server_mult_vuln.nasl
2009-05-05 Name : HP-UX Update for dtterm HPSBUX00309
File : nvt/gb_hp_ux_HPSBUX00309.nasl
2009-05-05 Name : HP-UX Update for sendmail HPSBUX00246
File : nvt/gb_hp_ux_HPSBUX00246.nasl
2009-05-05 Name : HP-UX Update for rlpdaemon HPSBUX00163
File : nvt/gb_hp_ux_HPSBUX00163.nasl
2008-10-24 Name : SysV /bin/login buffer overflow (telnet)
File : nvt/binlogin_overflow_telnet.nasl
2008-01-17 Name : Debian Security Advisory DSA 280-1 (samba)
File : nvt/deb_280_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 290-1 (sendmail-wide)
File : nvt/deb_290_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 282-1 (glibc)
File : nvt/deb_282_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 278-2 (sendmail)
File : nvt/deb_278_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 278-1 (sendmail)
File : nvt/deb_278_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 272-1 (dietlibc)
File : nvt/deb_272_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 266-1 (krb5)
File : nvt/deb_266_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 257-1 (sendmail)
File : nvt/deb_257_1.nasl
2005-11-03 Name : Sendmail remote header buffer overflow
File : nvt/sendmail_header.nasl
2005-11-03 Name : Sendmail Group Permissions Vulnerability
File : nvt/sendmail_forword_include.nasl
2005-11-03 Name : Sendmail 8.7.*/8.8.* local overflow
File : nvt/sendmail_daemon_mode.nasl
2005-11-03 Name : Sendmail Local Starvation and Overflow
File : nvt/sendmail_875_bo.nasl
2005-11-03 Name : MPEi/X Default Accounts
File : nvt/DDI_MPEiX_FTP_Accounts.nasl
2005-11-03 Name : Default password router Pirelli AGE mB
File : nvt/pirelli_router_default_password.nasl
2005-11-03 Name : HP-UX ftpd glob() Expansion STAT Buffer Overflow
File : nvt/hpftp_glob_stat.nasl
2005-11-03 Name : Sendmail 8.8.8 to 8.12.7 Double Pipe Access Validation Vulnerability
File : nvt/SHN_Sendmail_DoublePipe.nasl
2005-11-03 Name : Netscape Enterprise Default Administrative Password
File : nvt/DDI_Netscape_Enterprise_Default_Administrative_Password.nasl

Snort® IPS/IDS

Date Description
2014-01-10 HP-UX lpd command execution attempt
RuleID : 9790 - Type : SERVER-OTHER - Revision : 8
2014-01-10 portmap pcnfsd request UDP
RuleID : 581-community - Type : PROTOCOL-RPC - Revision : 18
2014-01-10 portmap pcnfsd request UDP
RuleID : 581 - Type : PROTOCOL-RPC - Revision : 18
2014-01-10 login buffer non-evasive overflow attempt
RuleID : 3274-community - Type : PROTOCOL-TELNET - Revision : 14
2014-01-10 login buffer non-evasive overflow attempt
RuleID : 3274 - Type : PROTOCOL-TELNET - Revision : 14
2014-01-10 login buffer overflow attempt
RuleID : 3147-community - Type : PROTOCOL-TELNET - Revision : 15
2014-01-10 login buffer overflow attempt
RuleID : 3147 - Type : PROTOCOL-TELNET - Revision : 15
2014-01-10 Sendmail RCPT TO prescan too long addresses overflow
RuleID : 2270-community - Type : SERVER-MAIL - Revision : 18
2014-01-10 Sendmail RCPT TO prescan too long addresses overflow
RuleID : 2270 - Type : SERVER-MAIL - Revision : 18
2014-01-10 Sendmail RCPT TO prescan too many addresses overflow
RuleID : 2269-community - Type : SERVER-MAIL - Revision : 15
2014-01-10 Sendmail RCPT TO prescan too many addresses overflow
RuleID : 2269 - Type : SERVER-MAIL - Revision : 15
2014-01-10 Sendmail MAIL FROM prescan too long addresses overflow
RuleID : 2268-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail MAIL FROM prescan too long addresses overflow
RuleID : 2268 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail MAIL FROM prescan too many addresses overflow
RuleID : 2267-community - Type : SERVER-MAIL - Revision : 15
2014-01-10 Sendmail MAIL FROM prescan too many addresses overflow
RuleID : 2267 - Type : SERVER-MAIL - Revision : 15
2014-01-10 Sendmail SOML FROM prescan too long addresses overflow
RuleID : 2266-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SOML FROM prescan too long addresses overflow
RuleID : 2266 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SOML FROM prescan too many addresses overflow
RuleID : 2265-community - Type : SERVER-MAIL - Revision : 14
2014-01-10 Sendmail SOML FROM prescan too many addresses overflow
RuleID : 2265 - Type : SERVER-MAIL - Revision : 14
2014-01-10 Sendmail SAML FROM prescan too long addresses overflow
RuleID : 2264-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SAML FROM prescan too long addresses overflow
RuleID : 2264 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SAML FROM prescan too many addresses overflow
RuleID : 2263-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SAML FROM prescan too many addresses overflow
RuleID : 2263 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SEND FROM prescan too long addresses overflow
RuleID : 2262-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SEND FROM prescan too long addresses overflow
RuleID : 2262 - Type : SERVER-MAIL - Revision : 16

Nessus® Vulnerability Scanner

Date Description
2017-12-01 Name: The remote host has an account with a default password.
File: account_admin_QwestM0dem.nasl - Type: ACT_GATHER_INFO
2017-04-07 Name: The remote system can be accessed with a default administrator account.
File: account_admin_adminIWSS85.nasl - Type: ACT_GATHER_INFO
2017-04-07 Name: The remote system can be accessed with a default administrator account.
File: account_root_adminIWSS85.nasl - Type: ACT_GATHER_INFO
2016-11-10 Name: The remote system can be accessed with a default administrator account.
File: account_admin_Passw0rd.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_666666_666666.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_888888_888888.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote host has an account with no password set.
File: account_admin.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin1_password.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_1111.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_1111111.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_1234.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_12345.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_123456.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_4321.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_54321.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_7ujMko0admin.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_admin1234.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_meinsm.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_pass.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_admin_smcadmin.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_administrator_1234.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote system can be accessed with a default administrator account.
File: account_administrator_meinsm.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote host has an account with a default password.
File: account_guest_12345.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: The remote host has an account with a default password.
File: account_mother_fucker.nasl - Type: ACT_GATHER_INFO
2016-10-28 Name: An administrative account on the remote host uses a known default password.
File: account_root_00000000.nasl - Type: ACT_GATHER_INFO