CVE-2003-1359
published 2003-12-31
CVE-2003-1359: Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument.
Priority: P4 | 25 | high | 7.2 (CVSS 2.0)
AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.23% (65.3th percentile)
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| avaya | predictive_dialer_system | — | — |
| avaya | predictive_dialer_system | — | — |
| avaya | predictive_dialer_system | — | — |
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
No detection rules found.
Exploit-DB
HP-UX 10.x - stmkfont Alternate Typeface Library Buffer Overflow (2)
exploitdb·2003-02-20
---
source: https://www.securityfocus.com/bid/6836/info
A buffer overflow vulnerability has been reported in the stmkfont utility shipped with HP-UX systems. The problem occurs due to insufficient bounds checking on user-supplied data passed to the alternate typeface library command-line option.
A local attacker may be able to exploit this issue to execute arbitrary code with elevated privileges.
All Avaya PDS 9 and 11 platforms are vulnerable to this issue. Avaya PDS 12 platforms running on HP-UX 11.00 are vulnerable as well. PDS 12 versions running on HP-UX 11.11 are not vulnerable.
#!/bin/sh
# File : ex_stmkfont.sh
# Exploit for command stmkfont of HPUX to get bin gid BUFF.
# * Usage: chmod +x ex_stmkfont.sh ; ./ex_stmkf
Exploit-DB
HP-UX 10.x - stmkfont Alternate Typeface Library Buffer Overflow (1)
exploitdb·2003-02-12
---
// source: https://www.securityfocus.com/bid/6836/info
A buffer overflow vulnerability has been reported in the stmkfont utility shipped with HP-UX systems. The problem occurs due to insufficient bounds checking on user-supplied data passed to the alternate typeface library command-line option.
A local attacker may be able to exploit this issue to execute arbitrary code with elevated privileges.
All Avaya PDS 9 and 11 platforms are vulnerable to this issue. Avaya PDS 12 platforms running on HP-UX 11.00 are vulnerable as well. PDS 12 versions running on HP-UX 11.11 are not vulnerable.
/*## copyright LAST STAGE OF DELIRIUM jun 2002 poland *://lsd-pl.net/ #*/
/*## /usr/bin/stmkfont #*/
#include
#include
#include
#define
No writeups or analysis indexed.
http://securityreason.com/securityalert/3236
http://www.securityfocus.com/advisories/4959
http://www.securityfocus.com/archive/1/324381
http://www.securityfocus.com/bid/6836
https://exchange.xforce.ibmcloud.com/vulnerabilities/11313
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5587
2003-12-31
Published