PT-2002-2330 · Hewlett Packard · Hp Tru64 Unix

Published

2002-09-02

Updated

2017-07-11

CVE-2002-1605

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions HP Tru64 UNIX versions 4.0f through 5.1a

Description A buffer overflow issue allows attackers to execute arbitrary code by providing a long XKB CHARSET environment variable to certain programs. This can be exploited through programs such as dxpause, dxconsole, or dtsession.

Recommendations For HP Tru64 UNIX versions 4.0f through 5.1a, consider restricting access to the XKB CHARSET environment variable to prevent exploitation until a fix is available. Additionally, limiting the execution of dxpause, dxconsole, and dtsession to trusted users can help minimize the risk.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-1605

Affected Products

Hp Tru64 Unix

PT-2002-2330 · Hewlett Packard · Hp Tru64 Unix

CVE-2002-1605

Related Identifiers

Affected Products

References · 10