CVE-2003-1358

rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:hp:hp-ux:10.00:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:10.08:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:10.09:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:10.16:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:10.26:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:10.30:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:10.34:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*

History

20 Nov 2024, 23:46

Type Values Removed Values Added
References () http://securityreason.com/securityalert/3236 - () http://securityreason.com/securityalert/3236 -
References () http://www.securityfocus.com/advisories/4960 - () http://www.securityfocus.com/advisories/4960 -
References () http://www.securityfocus.com/archive/1/324381 - () http://www.securityfocus.com/archive/1/324381 -
References () http://www.securityfocus.com/bid/6837 - Exploit () http://www.securityfocus.com/bid/6837 - Exploit
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/11312 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/11312 -

Information

Published : 2003-12-31 05:00

Updated : 2024-11-20 23:46


NVD link : CVE-2003-1358

Mitre link : CVE-2003-1358

CVE.ORG link : CVE-2003-1358


JSON object : View

Products Affected

hp

  • hp-ux
CWE
CWE-264

Permissions, Privileges, and Access Controls