Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-5557Improper Restriction of Operations within the Bounds of a Memory Buffer in HP Hp-ux

5 documents4 sources
Severity
4.6MEDIUMNVD
CNA7.2
EPSS
0.6%
top 31.46%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
HP Hp-ux
Timeline
PublishedOct 27
Latest updateMay 1

Description

Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

NVDhp/hp-ux11.00, 11.11, 11.4+2

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-frfv-fh86-whrq: Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B2022-05-01
CVEList
CVE-2006-5557: Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B2006-10-27

💥Exploits & PoCs

2
Exploit-DB
HP-UX 11i - 'swmodify' Local Stack Overflow / Local Privilege Escalation2006-10-24
Exploit-DB
HP-UX 11i - 'swpackage' Local Stack Overflow / Local Privilege Escalation2006-10-24
CVE-2006-5557 — HP Hp-ux vulnerability | cvebase