PT-2006-7027 · Hewlett Packard+1 · Hp Tru64 Unix+1
Published: 2006-12-10 · Updated: 2017-07-29
CVE-2006-6418
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
HP Tru64 UNIX versions 4.0F PK8, 4.0G PK4, and 5.1A PK6
Description
A buffer overflow issue exists in the POSIX Threads library (libpthread) that allows local users to gain root privileges by setting a long PTHREAD_CONFIG environment variable.
Recommendations
For HP Tru64 UNIX version 4.0F PK8, update to a version that includes a fix for this issue.
For HP Tru64 UNIX version 4.0G PK4, update to a version that includes a fix for this issue.
For HP Tru64 UNIX version 5.1A PK6, update to a version that includes a fix for this issue.
As a temporary workaround, consider restricting the ability to set environment variables to prevent exploitation.
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Hp Tru64 Unix
Libpthread