PT-2003-2303 · Hewlett Packard · Rs.F300+1
Publicado
2003-12-31
·
Atualizado
2017-07-29
·
CVE-2003-1358
CVSS v2.0
7.2
Alta
| Vetor | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
rs.F300 for HP-UX versions 10.0 through 11.22
Description
The issue allows local users to gain privileges by modifying the
PATH environment variable to point to a malicious program, such as rm, which is executed at raised privileges.Recommendations
For rs.F300 for HP-UX versions 10.0 through 11.22, consider restricting the use of the
PATH environment variable to prevent malicious program execution until a patch is available.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Hp-Ux
Rs.F300