CVE-2007-0394HP Hp-ux vulnerability

3 documents3 sources
Severity
4.6MEDIUMNVD
CNA7.2
EPSS
0.1%
top 73.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
HP Hp-ux
Timeline
PublishedJan 19
Latest updateMay 1

Description

HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

NVDhp/hp-ux11.11

🔴Vulnerability Details

2
GHSA
GHSA-jcmg-xqwv-44cm: HP HP-UX B112022-05-01
CVEList
CVE-2007-0394: HP HP-UX B112007-01-19
CVE-2007-0394 — HP Hp-ux vulnerability | cvebase