ID CVE-2006-5452
Summary Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbitrary code via a long -a (aka attachment) argument.
References
Vulnerable Configurations
  • cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
    cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:hp-ux:11.4:*:*:*:*:*:*:*
    cpe:2.3:o:hp:hp-ux:11.4:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
    cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*
    cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*
    cpe:2.3:o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*
  • cpe:2.3:o:hp:tru64:4.0f:*:*:*:*:*:*:*
    cpe:2.3:o:hp:tru64:4.0f:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:tru64:4.0f:pk8:*:*:*:*:*:*
    cpe:2.3:o:hp:tru64:4.0f:pk8:*:*:*:*:*:*
  • cpe:2.3:o:hp:tru64:4.0g:*:*:*:*:*:*:*
    cpe:2.3:o:hp:tru64:4.0g:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:tru64:4.0g:pk4:*:*:*:*:*:*
    cpe:2.3:o:hp:tru64:4.0g:pk4:*:*:*:*:*:*
  • cpe:2.3:o:hp:tru64:5.0a:*:*:*:*:*:*:*
    cpe:2.3:o:hp:tru64:5.0a:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:tru64:5.1:*:*:*:*:*:*:*
    cpe:2.3:o:hp:tru64:5.1:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:tru64:5.1a:*:*:*:*:*:*:*
    cpe:2.3:o:hp:tru64:5.1a:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:tru64:5.1a:pk6:*:*:*:*:*:*
    cpe:2.3:o:hp:tru64:5.1a:pk6:*:*:*:*:*:*
  • cpe:2.3:o:hp:tru64:5.1af:*:*:*:*:*:*:*
    cpe:2.3:o:hp:tru64:5.1af:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:tru64:5.1b:pk1:*:*:*:*:*:*
    cpe:2.3:o:hp:tru64:5.1b:pk1:*:*:*:*:*:*
  • cpe:2.3:o:hp:tru64:5.1b2:pk4:*:*:*:*:*:*
    cpe:2.3:o:hp:tru64:5.1b2:pk4:*:*:*:*:*:*
  • cpe:2.3:o:hp:tru64:5.1b3:*:*:*:*:*:*:*
    cpe:2.3:o:hp:tru64:5.1b3:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 17-10-2018 - 21:42)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2014-03-24T04:01:39.978-04:00
class vulnerability
contributors
  • name Michael Wood
    organization Hewlett-Packard
  • name Sushant Kumar Singh
    organization Hewlett-Packard
  • name Sushant Kumar Singh
    organization Hewlett-Packard
description Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbitrary code via a long -a (aka attachment) argument.
family unix
id oval:org.mitre.oval:def:5175
status accepted
submitted 2008-07-03T16:09:05.000-04:00
title HP-UX Running dtmail, Local Execution of Arbitrary Code
version 37
refmap via4
bid 20580
hp
  • HPSBTU02163
  • HPSBUX02162
  • SSRT061223
misc http://www.netragard.com/pdfs/research/HP-TRU64-DTMAIL-20060810.txt
sectrack
  • 1017083
  • 1017098
  • 1017099
secunia
  • 22451
  • 22528
vupen
  • ADV-2006-4139
  • ADV-2006-4140
xf dtmail-tru64-bo(29644)
Last major update 17-10-2018 - 21:42
Published 23-10-2006 - 17:07
Back to Top