CVE-2002-2002

Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows attackers to execute arbitrary code via long (1) LANG and (2) LOCPATH environment variables.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00219.html	Patch Vendor Advisory
http://www.lac.co.jp/security/english/snsadv_e/51_e.html
http://www.securityfocus.com/bid/4544	Patch
http://www.iss.net/security_center/static/8863.php	Patch
http://ftp.support.compaq.com/patches/.new/html/SSRT-541.shtml

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:compaq:tru64:4.0f:::::::*
	cpe:2.3:o:compaq:tru64:5.0:::::::*
	cpe:2.3:o:compaq:tru64:5.1:::::::*
	cpe:2.3:o:compaq:tru64:5.1a:::::::*

Information

Published : 2002-12-30 21:00

Updated : 2011-03-07 18:11

NVD link : CVE-2002-2002

Mitre link : CVE-2002-2002

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

compaq

tru64

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00219.html", "name": "20020417 [SNS Advisory No.51] Compaq Tru64 UNIX libc Buffer Overflow Vulnerability", "tags": ["Patch", "Vendor Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://www.lac.co.jp/security/english/snsadv_e/51_e.html", "name": "http://www.lac.co.jp/security/english/snsadv_e/51_e.html", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/4544", "name": "4544", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://www.iss.net/security_center/static/8863.php", "name": "libc-lang-locpath-bo(8863)", "tags": ["Patch"], "refsource": "XF"}, {"url": "http://ftp.support.compaq.com/patches/.new/html/SSRT-541.shtml", "name": "SSRT541", "tags": [], "refsource": "COMPAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows attackers to execute arbitrary code via long (1) LANG and (2) LOCPATH environment variables."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-2002", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2002-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-03-08T02:11Z"}