Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-1097Improper Restriction of Operations within the Bounds of a Memory Buffer in HP Hp-ux

4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.8%
top 25.68%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
HP Hp-ux
Timeline
PublishedDec 31
Latest updateApr 29

Description

Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when setuid root, may allow local users to gain privileges via a long -l option.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDhp/hp-ux12 versions+11

Patches

Patch: www.ciac.orgPatch: www.kb.cert.orgPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-9qx7-cv62-6566: Buffer overflow in rexec on HP-UX B2022-04-29
CVEList
CVE-2003-1097: Buffer overflow in rexec on HP-UX B2005-03-11

💥Exploits & PoCs

1
Exploit-DB
HP-UX 10.x/11.x - RExec Remote 'Username' Flag Local Buffer Overrun2003-04-29
CVE-2003-1097 — HP Hp-ux vulnerability | cvebase