CVE-2001-1182

• HP:HPSBUX0107-160
• URL:http://archives.neohapsis.com/archives/hp/2001-q3/0014.html
• OVAL:oval:org.mitre.oval:def:5657
• URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5657

 Frech> XF:hpux-login-unauthorized-access(6860)
 Christey> CIAC:L-114
   URL:http://ciac.llnl.gov/ciac/bulletins/l-114.shtml
   BID:3068
   URL:http://online.securityfocus.com/bid/3068
   
   This would appear to be a dupe of CVE-2001-0797, but the HP advisory
   from CVE-2001-0797 is too vague to be certain.  As quoted in
   the CERT advisory for CVE-2001-0797, HP says:
   "HP-UX does have a benign buffer overflow... [which] has been
   fixed by HP."  HP:HPSBUX0107-160 (CVE-2001-1182) states that
   "The login(1) command allows restricted shell users to
   circumvent security checks" which could be interpreted as
   meaning that HP has found a slightly less-than-benign aspect
   of the overflow, but since (a) the advisory says nothing about
   overflows and (b) the advisory does not include any
   cross-references, it cannot be clear.  There is a difference
   in the release dates as well, however, since the HP advisory
   was released in July 2001 and this CAN was publicized in
   December 2001, which may be sufficient evidence that the
   problems are different.
   
   This probably is not the same issue in login as CVE-2001-0978,
   since different patches are referenced in that CAN.
   
   There is insufficient information to know whether this is the
   same issue as CVE-2001-0094 (kerberos library issues that
   affect kerberized login).