header-logo
Suggest Exploit
vendor:
OpenVMS
by:
SecurityFocus
7.2
CVSS
HIGH
UCX POP Server Vulnerability
264
CWE
Product Name: OpenVMS
Affected Version From: OpenVMS 6.2
Affected Version To: OpenVMS 7.3
Patch Exists: YES
Related CWE: CVE-2002-0206
CPE: o:hp:openvms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

UCX POP Server Vulnerability

A vulnerability in the UCX POP server used by OpenVMS allows a malicious local user to overwrite arbitrary files on the filesystem. This can be done by running the UCX POP server with a logfile argument pointing to a file the user should not be able to write to.

Mitigation:

Upgrade to the latest version of OpenVMS.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5790/info

An issue with the UCX POP (Post Office Protocol) server used by OpenVMS has been reported. It is possible for a malicous local user to overwrite arbitrary files on the filesystem by exploiting a vulnerability in the UCX POP server.

$
$ break_it :== $sys$system:ucx$pop_server.exe
$ break_it -logfile sys$system:I_SHOULDNT_BE_ABLE_TO_WRITE_HERE

Navigation

Suggest Exploit

Services By CQR