CVE-2001-1564Improper Handling of Insufficient Privileges in HP Hp-ux

CWE-274Improper Handling of Insufficient Privileges4 documents4 sources
Severity
2.1LOWNVD
EPSS
0.2%
top 52.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
HP Hp-ux
Timeline
PublishedDec 31
Latest updateApr 30

Description

setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after setuid or setgid privileges are dropped, which could allow local users to cause a denial of service by exhausting available disk space.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDhp/hp-ux7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-6cc4-m75g-c77f: setrlimit in HP-UX 102022-04-30
CVEList
CVE-2001-1564: setrlimit in HP-UX 102005-07-14

📐Framework References

1
CWE
Improper Handling of Insufficient Privileges
CVE-2001-1564 — HP Hp-ux vulnerability | cvebase