CERTA-2003-AVI-098
Vulnerability from certfr_avis - Published: - Updated:None
Description
CDE (Common Desktop Environment) est une interface graphique utilisée notamment sur les plate-formes HP-UX et HP Tru64 UNIX.
Selon HP plusieurs composants de CDE sont vulnérables :
- libDtHelp
- libDtSvc
- dtprintinfo
- dtsession
- dtterm
- dtappgather
L'exploitation de vulnérabilités présentes dans ces composants permet à un utilisateur mal intentionné de réaliser une élévation de privilèges.
Solution
Pour l'obtention des correctifs consulter les bulletins de sécurité de l'éditeur (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "HP Tru64 UNIX versions V4.0f, V4.0g, V5.1, V5.1A, V5.1B.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "HP-UX versions 10.20, 11.0, 11.04, 11.11, 11.22.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nCDE (Common Desktop Environment) est une interface graphique utilis\u00e9e\nnotamment sur les plate-formes HP-UX et HP Tru64 UNIX.\n\nSelon HP plusieurs composants de CDE sont vuln\u00e9rables :\n\n- libDtHelp\n- libDtSvc\n- dtprintinfo\n- dtsession\n- dtterm\n- dtappgather\n\nL\u0027exploitation de vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans ces composants permet \u00e0\nun utilisateur mal intentionn\u00e9 de r\u00e9aliser une \u00e9l\u00e9vation de privil\u00e8ges.\n\n## Solution\n\nPour l\u0027obtention des correctifs consulter les bulletins de s\u00e9curit\u00e9 de\nl\u0027\u00e9diteur (cf. section Documentation).\n",
"cves": [],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 HPSBUX0305-263 \"SSRT2373, SSRT2374, SSRT3484 SSRT2405 SSRT2415 Potential Security Vulnerabilities in CDE\" de Hewlett-Packard",
"url": "http://itrc.hp.com"
}
],
"reference": "CERTA-2003-AVI-098",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2003-06-05T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": null,
"title": "Multiples vuln\u00e9rabilit\u00e9s de CDE sur les plate-formes HP Tru64 UNIX et HP-UX",
"vendor_advisories": [
{
"published_at": null,
"title": "Vulnerabilities\" de Hewlett-Packard",
"url": "http://welcome.hp.com/country/us/eng/support.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SRB00081W \"HP Tru64 UNIX, HP-UX Potential CDE Security",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 HPSBUX0305-263 \"SSRT2373, SSRT2374, SSRT3484 SSRT2405",
"url": null
},
{
"published_at": null,
"title": "SSRT2415 Potential Security Vulnerabilities in CDE\" de Hewlett-Packard",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…