PT-2008-5270 · Hewlett Packard · Hp Tcp/Ip Services For Openvms

Published

2008-09-05

Updated

2017-08-08

CVE-2008-3940

CVSS v2.0

4.4

Medium

Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions HP TCP/IP Services for OpenVMS version 5.x

Description The issue is related to a format string vulnerability in the finger client. This vulnerability allows local users to gain privileges by using format string specifiers in a .plan or .project file.

Recommendations For HP TCP/IP Services for OpenVMS version 5.x, update to a version that includes a fix for this issue to prevent local users from gaining privileges via format string specifiers in a .plan or .project file.

Fix

Use of Externally-Controlled Format String

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-134

Related Identifiers

CVE-2008-3940

Affected Products

Hp Tcp/Ip Services For Openvms

PT-2008-5270 · Hewlett Packard · Hp Tcp/Ip Services For Openvms

CVE-2008-3940

Weakness Enumeration

Related Identifiers

Affected Products

References · 6