Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1473 — Improper Restriction of Operations within the Bounds of a Memory Buffer in HP Hp-ux

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents5 sources

Severity

10.0CRITICALNVD

NVD7.2NVD4.6CNA4.6

EPSS

10.0%

top 6.94%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

HP Hp-ux

Timeline

PublishedApr 22

Latest updateMay 1

Description

Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDhp/hp-ux10.20, 11.00, 11.11+2

Patches

Patch: archives.neohapsis.com ↗Patch: www.iss.net ↗Patch: archives.neohapsis.com ↗

🔴Vulnerability Details

GHSA

GHSA-wfp6-64v9-pqm2: The LPD service in HP-UX 10↗2022-05-01

▶

GHSA

GHSA-crxp-x2qh-h8xx: Multiple buffer overflows in lp subsystem for HP-UX 10↗2022-04-30

▶

GHSA

GHSA-69q2-4j65-gwmx: Buffer overflow in rwrite for HP-UX 11↗2022-04-29

▶

CVEList

CVE-2003-1461: Buffer overflow in rwrite for HP-UX 11↗2007-10-23

▶

CVEList

CVE-2005-3277: The LPD service in HP-UX 10↗2005-10-21

▶

💥Exploits & PoCs

Exploit-DB

HP-UX LPD - Command Execution (Metasploit)↗2010-10-06

▶

Exploit-DB

HP-UX LPD 10.20/11.00/11.11 - Command Execution (Metasploit)↗2002-08-28

▶

Metasploit

HP-UX LPD Command Execution↗

▶