Hp Hp-Ux vulnerabilities

CVE-2001-1198 [HIGH] CVE-2001-1198: RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite arbitrary files and gain privilege RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite arbitrary files and gain privileges by specifying the target file in the -L option.

CVE-2001-0797 [CRITICAL] CVE-2001-0797: Buffer overflow in login in various System V based operating systems allows remote attackers to exec Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.

CVE-2001-0817 [CRITICAL] CVE-2001-0817: Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote at Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request.

CVE-2001-0809 [LOW] CVE-2001-0809: Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configur Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows local users to overwrite arbitrary files by modifying certain resources.

CVE-2001-0772 [MEDIUM] CVE-2001-0772: Buffer overflows and other vulnerabilities in multiple Common Desktop Environment (CDE) modules in H Buffer overflows and other vulnerabilities in multiple Common Desktop Environment (CDE) modules in HP-UX 10.10 through 11.11 allow attackers to cause a denial of service and possibly gain additional privileges.

CVE-2001-1124 [MEDIUM] CVE-2001-1124: rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core d rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via a malformed RPC portmap requests, possibly related to a buffer overflow.

CVE-2001-0668 [HIGH] CVE-2001-0668: Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attack Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to execute arbitrary commands.

CVE-2001-1136 [LOW] CVE-2001-1136: The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service. The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service.

CVE-2001-0978 [HIGH] CVE-2001-0978: login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attac login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attackers to conduct brute force password guessing attacks without being detected or observed using the lastb program.

CVE-2001-0979 [HIGH] CVE-2001-0979: Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain p Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument.

CVE-2001-0607 [MEDIUM] CVE-2001-0607: asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program, a different vulnerability than CVE-2000-0083.

CVE-2001-1264 [CRITICAL] CVE-2001-1264: Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allo Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges.

CVE-2001-1182 [HIGH] CVE-2001-1182: Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass cert Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain privileges.

CVE-2001-1181 [HIGH] CVE-2001-1181: Dynamically Loadable Kernel Module (dlkm) static kernel symbol table in HP-UX 11.11 is not properly Dynamically Loadable Kernel Module (dlkm) static kernel symbol table in HP-UX 11.11 is not properly configured, which allows local users to gain privileges.

CVE-2001-1244 [MEDIUM] CVE-2001-1244: Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth an Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.

CVE-2001-0488 [LOW] CVE-2001-0488: pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause a denial of service.

CVE-2001-0248 [CRITICAL] CWE-131 CVE-2001-0248: Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by cr Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings.

CVE-2001-0249 [CRITICAL] CWE-131 CVE-2001-0249: Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by cr Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.

CVE-2001-0379 [MEDIUM] CVE-2001-0379: Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights.

CVE-2001-1256 [LOW] CVE-2001-1256: kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable file kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files.