ID CVE-2006-1509
Summary /sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service. This vulnerability affects all versions of HP-UX B.11.00, B.11.11, and B.11.23 before 20060326.
References
Vulnerable Configurations
  • cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
    cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
    cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*
    cpe:2.3:o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*
CVSS
Base: 4.9 (as of 11-10-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:C
oval via4
  • accepted 2014-03-24T04:00:35.646-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Michael Wood
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    description /sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service.
    family unix
    id oval:org.mitre.oval:def:1412
    status accepted
    submitted 2006-03-29T06:11:00.000-04:00
    title HP-UX passwd(1) Local Denial of Service (DoS)
    version 40
  • accepted 2011-05-09T04:01:18.480-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    description /sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service.
    family unix
    id oval:org.mitre.oval:def:1660
    status accepted
    submitted 2006-03-29T06:11:00.000-04:00
    title passwd Local DoS Vulnerability (B.11.11)
    version 37
  • accepted 2011-05-09T04:01:19.146-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    description /sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service.
    family unix
    id oval:org.mitre.oval:def:1690
    status accepted
    submitted 2006-03-29T06:11:00.000-04:00
    title passwd Local DoS Vulnerability (B.11.23)
    version 35
refmap via4
bid 17280
hp
  • HPSBUX02103
  • SSRT5953
secunia 19490
vupen ADV-2006-1208
xf hpux-passwd-dos(25596)
Last major update 11-10-2017 - 01:30
Published 30-03-2006 - 01:06
Back to Top