Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1616

4 documents4 sources

Severity

7.2HIGH

EPSS

0.3%

top 42.87%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

HP Tru64

Timeline

PublishedAug 1

Latest updateApr 30

Description

Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to gain root privileges via (1) su, (2) chsh, (3) passwd, (4) chfn, (5) dxchpwd, and (6) libc.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDhp/tru645 versions+4

Patches

Patch: www.kb.cert.org ↗Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-p2w3-5f32-h6p6: Multiple buffer overflows in HP Tru64 UNIX 5↗2022-04-30

▶

CVEList

CVE-2002-1616: Multiple buffer overflows in HP Tru64 UNIX 5↗2005-03-25

▶

💥Exploits & PoCs

Exploit-DB

Tru64 5 - 'su' Env Local Stack Overflow↗2001-01-26

▶