CVE-2002-1473
published 2003-04-22CVE-2002-1473: Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary…
PriorityP425medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EXPLOIT
EPSS
4.43%
90.2th percentile
Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wfp6-64v9-pqm2: The LPD service in HP-UX 10
ghsa_unreviewed·2022-05-01·CVSS 4.6
CVE-2005-3277 [MEDIUM] GHSA-wfp6-64v9-pqm2: The LPD service in HP-UX 10
The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different vulnerability than CVE-2002-1473.
GHSA
GHSA-crxp-x2qh-h8xx: Multiple buffer overflows in lp subsystem for HP-UX 10
ghsa_unreviewed·2022-04-30
CVE-2002-1473 [MEDIUM] GHSA-crxp-x2qh-h8xx: Multiple buffer overflows in lp subsystem for HP-UX 10
Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.
GHSA
GHSA-69q2-4j65-gwmx: Buffer overflow in rwrite for HP-UX 11
ghsa_unreviewed·2022-04-29·CVSS 4.6
CVE-2003-1461 [MEDIUM] CWE-119 GHSA-69q2-4j65-gwmx: Buffer overflow in rwrite for HP-UX 11
Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473).
No detection rules found.
Exploit-DB
HP-UX LPD - Command Execution (Metasploit)
exploitdb·2010-10-06
CVE-2002-1473 HP-UX LPD - Command Execution (Metasploit)
HP-UX LPD - Command Execution (Metasploit)
---
##
# $Id: cleanup_exec.rb 10561 2010-10-06 00:53:45Z hdm $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'HP-UX LPD Command Execution',
'Description' => %q{
This exploit abuses an unpublished vulnerability in the
HP-UX LPD service. This flaw allows an unauthenticated
attacker to execute arbitrary commands with the privileges
of the root user. The LPD service is only exploitable when
the address of the attacking system can be resolved by the
target. This vulnerability was silently patched wit
Exploit-DB
HP-UX LPD 10.20/11.00/11.11 - Command Execution (Metasploit)
exploitdb·2002-08-28
CVE-2002-1473 HP-UX LPD 10.20/11.00/11.11 - Command Execution (Metasploit)
HP-UX LPD 10.20/11.00/11.11 - Command Execution (Metasploit)
---
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'HP-UX LPD Command Execution',
'Description' => %q{
This exploit abuses an unpublished vulnerability in the
HP-UX LPD service. This flaw allows an unauthenticated
attacker to execute arbitrary commands with the privileges
of the root user. The LPD service is only exploitable when
the address of the attacking system can be resolved by the
target. This vulnerability was silently patched with the
buffer overflow flaws add
Metasploit
HP-UX LPD Command Execution
metasploit
HP-UX LPD Command Execution
HP-UX LPD Command Execution
This exploit abuses an unpublished vulnerability in the HP-UX LPD service. This flaw allows an unauthenticated attacker to execute arbitrary commands with the privileges of the root user. The LPD service is only exploitable when the address of the attacking system can be resolved by the target. This vulnerability was silently patched with the buffer overflow flaws addressed in HP Security Bulletin HPSBUX0208-213.
No writeups or analysis indexed.
2003-04-22
Published