CVE-2007-2553 - Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6 allows local users to

CVE-2007-2553

Summary

Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6 allows local users to gain privileges via a large amount of data in the environment, as demonstrated by a long environment variable.

References

Vulnerable Configurations

cpe:2.3:o:hp:tru64:5.1a:pk6:*:*:*:*:*:*
cpe:2.3:o:hp:tru64:5.1a:pk6:*:*:*:*:*:*
cpe:2.3:o:hp:tru64:5.1b3:*:*:*:*:*:*:*
cpe:2.3:o:hp:tru64:5.1b3:*:*:*:*:*:*:*
cpe:2.3:o:hp:tru64:5.1b4:*:*:*:*:*:*:*
cpe:2.3:o:hp:tru64:5.1b4:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 16-10-2018 - 16:44)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	23881
bugtraq	20070509 Re: [security bulletin] HPSBTU02211 SSRT071326 rev.1 - HP Tru64 UNIX Running the dop command, Local Execution of Arbitrary Code with Privilege Elevation
hp	HPSBTU02211 SSRT071326
misc	http://www.orkaan.org/tru64/orkaan_-_exp_Tru64-5.X_SSRT071326.html
osvdb	36203
sectrack	1018021
secunia	25197
vupen	ADV-2007-1715
xf	hp-dop-privilege-escalation(34175)

Last major update

16-10-2018 - 16:44

Published

09-05-2007 - 17:19

Last modified

16-10-2018 - 16:44