|
|
CVE-ID | ||
---|---|---|
CVE-2001-1182 |
• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
|
|
Description | ||
Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain privileges. | ||
References | ||
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete. | ||
|
||
Assigning CNA | ||
MITRE Corporation | ||
Date Record Created | ||
20020315 | Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE. | |
Phase (Legacy) | ||
Modified (20090302) | ||
Votes (Legacy) | ||
ACCEPT(5) Armstrong, Baker, Cole, Green, Ziese MODIFY(1) Frech NOOP(2) Foat, Wall REVIEWING(1) Christey |
||
Comments (Legacy) | ||
Frech> XF:hpux-login-unauthorized-access(6860) Christey> CIAC:L-114 URL:http://ciac.llnl.gov/ciac/bulletins/l-114.shtml BID:3068 URL:http://online.securityfocus.com/bid/3068 This would appear to be a dupe of CVE-2001-0797, but the HP advisory from CVE-2001-0797 is too vague to be certain. As quoted in the CERT advisory for CVE-2001-0797, HP says: "HP-UX does have a benign buffer overflow... [which] has been fixed by HP." HP:HPSBUX0107-160 (CVE-2001-1182) states that "The login(1) command allows restricted shell users to circumvent security checks" which could be interpreted as meaning that HP has found a slightly less-than-benign aspect of the overflow, but since (a) the advisory says nothing about overflows and (b) the advisory does not include any cross-references, it cannot be clear. There is a difference in the release dates as well, however, since the HP advisory was released in July 2001 and this CAN was publicized in December 2001, which may be sufficient evidence that the problems are different. This probably is not the same issue in login as CVE-2001-0978, since different patches are referenced in that CAN. There is insufficient information to know whether this is the same issue as CVE-2001-0094 (kerberos library issues that affect kerberized login). |
||
Proposed (Legacy) | ||
20020315 | ||
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities. | ||
You can also search by reference using the CVE Reference Maps.
|
||
For More Information: CVE Request Web Form (select "Other" from dropdown) |