Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-1358: HP Hp-ux vulnerability

CWE-264 | 6 documents | 5 sources
Severity
7.2 HIGH (NVD)
EPSS
0.8%
top 25.80%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Dec 31
Latest update: Apr 29

Description

rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program.

CVSS vector

AV:L/AC:L/C:C/I:C/A:C
Exploitability: 3.9 | Impact: 10.0

Affected Packages: 1 package

NVD: hp/hp-ux, 17 versions (+16)

🔴Vulnerability Details

2
GHSA
GHSA-fr78-grw8-43p6: rs (2022-04-29)
CVEList
CVE-2003-1358: rs (2007-10-17)

💥Exploits & PoCs

2
Exploit-DB
Alt-N MDaemon IMAP server 9.6.4 - 'FETCH' Remote Buffer Overflow (2008-03-13)
Exploit-DB
HP-UX 10.x - rs.F3000 Unauthorized Access (2003-02-12)

💬Community

1
Bugzilla
A number of tomcat issues (2007-05-09)