CVE-2003-1362

Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/hp/2003-q1/0033.html
http://www.securityfocus.com/bid/6878	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/11366
http://archives.neohapsis.com/archives/hp/2003-q1/0033.html
http://www.securityfocus.com/bid/6878	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/11366

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hp:bastille:b.02.00.05::hp-ux:::::
	cpe:2.3:o:hp:hp-ux:11.00:::::::*
	cpe:2.3:o:hp:hp-ux:11.11:::::::*

History

20 Nov 2024, 23:46

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/hp/2003-q1/0033.html -~~	() http://archives.neohapsis.com/archives/hp/2003-q1/0033.html -
References	~~() http://www.securityfocus.com/bid/6878 - Patch~~	() http://www.securityfocus.com/bid/6878 - Patch
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/11366 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/11366 -

Information

Published : 2003-12-31 05:00

Updated : 2024-11-20 23:46

NVD link : CVE-2003-1362

Mitre link : CVE-2003-1362

CVE.ORG link : CVE-2003-1362

JSON object : View

Products Affected

hp

bastille
hp-ux

CWE

CWE-16

Configuration

{"id": "CVE-2003-1362", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-12-31T05:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/hp/2003-q1/0033.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/6878", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11366", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/hp/2003-q1/0033.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/6878", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11366", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-16"}]}], "descriptions": [{"lang": "en", "value": "Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases."}], "lastModified": "2024-11-20T23:46:57.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:bastille:b.02.00.05:*:hp-ux:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79859BA0-D11B-49EF-B62A-1F7919F609E0"}, {"criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "771931F7-9180-4EBD-8627-E1CF17D24647"}, {"criteria": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EDD9BE2B-7255-4FC1-B452-E8370632B03F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}