PT-2003-1246 · Hewlett Packard · Ucx+2

Published: 2003-04-02 · Updated: 2008-09-05 · CVE-2002-1513

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

HP TCP/IP Services for OpenVMS versions 4.2 through 5.3

Description

Local users can truncate arbitrary files because the UCX POP server runs with the SYSPRV and BYPASS privileges, which override file system permissions. The truncation is triggered through the -logfile command line option.

Recommendations

For HP TCP/IP Services for OpenVMS versions 4.2 through 5.3, consider restricting access to the -logfile command line option to prevent unauthorized file truncation until a fix is available.

Related Identifiers

CVE-2002-1513

Affected Products

HP TCP/IP Services for OpenVMS
OpenVMS
UCX