CVE-2003-1358

Current Description

rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program.

Basic Data

Published: December 31, 2003
Last Modified: July 29, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-264
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 7.2
Severity: HIGH
Exploitability Score: 3.9
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
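    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Hp | Hp-ux | 10.00 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Hp | Hp-ux | 10.01 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Hp | Hp-ux | 10.08 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Hp | Hp-ux | 10.09 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Hp | Hp-ux | 10.10 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Hp | Hp-ux | 10.16 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Hp | Hp-ux | 10.20 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Hp | Hp-ux | 10.24 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Hp | Hp-ux | 10.26 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Hp | Hp-ux | 10.30 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Hp | Hp-ux | 10.34 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Hp | Hp-ux | 11.00 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Hp | Hp-ux | 11.0.4 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Hp | Hp-ux | 11.04 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Hp | Hp-ux | 11.11 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Hp | Hp-ux | 11.20 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Hp | Hp-ux | 11.22 | * | * | * | * | * | * | * | | | |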

Vulnerable Software List

Vendor | Product | Versions
Hp | Hp-ux | 10.00, 10.01, 10.08, 10.09, 10.10, 10.16, 10.20, 10.24, 10.26, 10.30, 10.34, 11.0.4, 11.00, 11.04, 11.11, 11.20, 11.22

References

Name | Source | URL | Tags
3236 | SREASON | http://securityreason.com/securityalert/3236 |
HPSBUX0302-240 | HP | http://www.securityfocus.com/advisories/4960 |
20030710 [LSD] HP-UX security vulnerabilities | BUGTRAQ | http://www.securityfocus.com/archive/1/324381 |
6837 | BID | http://www.securityfocus.com/bid/6837 | Exploit
hp-rsf3000-daemon-access(11312) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/11312 |