First published: Mon Sep 02 2002(Updated: )
Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
HP Tru64 UNIX | =4.0g | |
HP Tru64 UNIX | =5.0a | |
HP Tru64 UNIX | =4.0f | |
HPE HP-UX | =11.11 | |
HP Tru64 UNIX | =5.1a | |
HPE HP-UX | =11.04 | |
HPE HP-UX | =11.00 | |
HP Tru64 UNIX | =5.1 | |
HPE HP-UX | =11.22 | |
HPE HP-UX | =10.20 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2002-1604 has a high severity due to its potential to allow local and remote attackers to execute arbitrary code.
To fix CVE-2002-1604, it is recommended to set environment variables like NLSPATH to safe values and apply any available patches from HP.
CVE-2002-1604 affects multiple versions of HP Tru64 UNIX and HP-UX, including versions from 4.0f to 5.1a and various HP-UX versions.
CVE-2002-1604 is classified as a buffer overflow vulnerability impacting several HP Tru64 UNIX and HP-UX applications.
Yes, CVE-2002-1604 can potentially be exploited remotely if certain conditions regarding the NLSPATH environment variable are met.