CVE - CVE-2001-1182

CVE-ID
CVE-2001-1182	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain privileges.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
HP:HPSBUX0107-160 URL:http://archives.neohapsis.com/archives/hp/2001-q3/0014.html OVAL:oval:org.mitre.oval:def:5657 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5657
Assigning CNA
MITRE Corporation
Date Record Created
20020315	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20090302)
Votes (Legacy)
ACCEPT(5) Armstrong, Baker, Cole, Green, Ziese MODIFY(1) Frech NOOP(2) Foat, Wall REVIEWING(1) Christey
Comments (Legacy)
Frech> XF:hpux-login-unauthorized-access(6860) Christey> CIAC:L-114 URL:http://ciac.llnl.gov/ciac/bulletins/l-114.shtml BID:3068 URL:http://online.securityfocus.com/bid/3068 This would appear to be a dupe of CVE-2001-0797, but the HP advisory from CVE-2001-0797 is too vague to be certain. As quoted in the CERT advisory for CVE-2001-0797, HP says: "HP-UX does have a benign buffer overflow... [which] has been fixed by HP." HP:HPSBUX0107-160 (CVE-2001-1182) states that "The login(1) command allows restricted shell users to circumvent security checks" which could be interpreted as meaning that HP has found a slightly less-than-benign aspect of the overflow, but since (a) the advisory says nothing about overflows and (b) the advisory does not include any cross-references, it cannot be clear. There is a difference in the release dates as well, however, since the HP advisory was released in July 2001 and this CAN was publicized in December 2001, which may be sufficient evidence that the problems are different. This probably is not the same issue in login as CVE-2001-0978, since different patches are referenced in that CAN. There is insufficient information to know whether this is the same issue as CVE-2001-0094 (kerberos library issues that affect kerberized login).
Proposed (Legacy)
20020315
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)