ID CVE-2000-0078
Summary The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command.
References
Vulnerable Configurations
  • cpe:2.3:o:hp:hp-ux:10:*:*:*:*:*:*:*
    cpe:2.3:o:hp:hp-ux:10:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:hp-ux:11:*:*:*:*:*:*:*
    cpe:2.3:o:hp:hp-ux:11:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 03-05-2018 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2008-08-25T04:00:30.491-04:00
class vulnerability
contributors
name Michael Wood
organization Hewlett-Packard
description The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command.
family unix
id oval:org.mitre.oval:def:5728
status accepted
submitted 2008-07-11T14:41:52.000-04:00
title /opt/audio/bin/Aserver can be used to gain root access.
version 35
refmap via4
bugtraq 20000102 HPUX Aserver revisited.
hp HPSBUX0001-108
Last major update 03-05-2018 - 01:29
Published 02-01-2000 - 05:00
Last modified 03-05-2018 - 01:29
Back to Top