Hp Hp-Ux vulnerabilities

CVE-2000-0573 [CRITICAL] CVE-2000-0573: The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format strin The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.

CVE-2000-0515 [CRITICAL] CVE-2000-0515: The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges.

CVE-2000-0468 [MEDIUM] CVE-2000-0468: man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack. man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack.

CVE-2000-0414 [MEDIUM] CVE-2000-0414: Vulnerability in shutdown command for HP-UX 11.X and 10.X allows allows local users to gain privileg Vulnerability in shutdown command for HP-UX 11.X and 10.X allows allows local users to gain privileges via malformed input variables.

CVE-2000-0083 [MEDIUM] CVE-2000-0083: HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local u HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges.

CVE-2000-0251 [MEDIUM] CVE-2000-0251: HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multi HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses.

CVE-1999-0693 [HIGH] CVE-1999-0693: Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.

CVE-2000-0159 [HIGH] CVE-2000-0159: HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set t HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges.

CVE-2000-0095 [MEDIUM] CVE-2000-0095: The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determining the optimum MTU generates The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determining the optimum MTU generates large amounts of traffic in response to small packets, allowing remote attackers to cause the system to be used as a packet amplifier.

CVE-2000-0078 [HIGH] CVE-2000-0078: The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifyi The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command.

CVE-2000-0077 [HIGH] CVE-2000-0077: The October 1998 version of the HP-UX aserver program allows local users to gain privileges by speci The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands.

CVE-1999-1573 [CRITICAL] CVE-1999-1573: Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, ( Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files.

CVE-1999-0696 [CRITICAL] CVE-1999-0696: Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd). Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).

CVE-1999-0707 [HIGH] CVE-1999-0707: The default FTP configuration in HP Visualize Conference allows conference users to send a file to o The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization.

CVE-1999-0690 [HIGH] CVE-1999-0690: HP CDE program includes the current directory in root's PATH variable. HP CDE program includes the current directory in root's PATH variable.

CVE-1999-0688 [MEDIUM] CVE-1999-0688: Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x. Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x.

CVE-1999-0686 [MEDIUM] CVE-1999-0686: Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL. Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL.

CVE-1999-0435 [HIGH] CVE-1999-0435: MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain privileges through SAM. MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain privileges through SAM.

CVE-1999-0479 [MEDIUM] CVE-1999-0479: Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems. Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems.

CVE-1999-0432 [MEDIUM] CVE-1999-0432: ftp on HP-UX 11.00 allows local users to gain privileges. ftp on HP-UX 11.00 allows local users to gain privileges.