vendor:
Tru64/OSF1
by:
stripey
7.2
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: Tru64/OSF1
Affected Version From: Tru64 5.1
Affected Version To: Tru64 5.1
Patch Exists: NO
Related CWE: N/A
CPE: o:hp:tru64_osf1
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002
HP Tru64/OSF1 dxterm Buffer Overflow
The HP Tru64/OSF1 dxterm utility is prone to a locally exploitable buffer overflow condition. This issue is due to insufficient checking of command line input supplied via the "-xrm" parameter. This parameter serves the same purpose as the "-customization" command line parameter, which is also not sufficiently checked. Since this utility is installed setuid root, code execution that results from successful exploitation of this issue will yield root privileges on the system.
Mitigation:
Ensure that the dxterm utility is not installed with setuid root privileges.