CVE-ID

CVE-1999-0246

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
HP Remote Watch allows a remote user to gain root access.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
  • XF:hp-remote
Assigning CNA
MITRE Corporation
Date Record Created
19990607 Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (19990630)
Votes (Legacy)
ACCEPT(4) Frech, Hill, Northcutt, Prosser
NOOP(1) Baker
RECAST(1) Christey
Comments (Legacy)
 Frech> Comment: Determine if it's RemoteWatch or Remote Watch.
 Christey> HP:HPSBUX9610-039 alludes to multiple vulnerabilities in
   Remote Watch (the advisory uses two words, not one, for the
   "Remote Watch" name)
   
   ADDREF BUGTRAQ:19961015 HP/UX Remote Watch (was Re: BoS: SOD remote exploit)
   URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=199610151351.JAA18241@grymoire.crd.ge.com
 Prosser> agree that the advisory mentions two vulnerabilities in Remote
   Watch, one being a socket connection and other with the showdisk utility
   which seems to be a suid vulnerability.  Never get much details on this
   anywhere since the recommendation is to remove the program since it is
   obsolete and superceded by later tools. Believe the biggest concern here is
   to just not run the tool at all.
 Christey> CIAC:H-16
   Also, http://www.cert.org/vendor_bulletins/VB-96.20.hp
   And possibly AUSCERT:AA-96.07 at
   ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-96.07.HP-UX.Remote.Watch.vul
 Christey> Also BUGTRAQ:19961013 BoS: SOD remote exploit
   http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419969&w=2
   Include "remwatch" in the description to facilitate search.

Proposed (Legacy)
19990630
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.