CVE-2002-1616: Buffer Overflow
First published: Thu Aug 01 2002(Updated: )
Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to gain root privileges via (1) su, (2) chsh, (3) passwd, (4) chfn, (5) dxchpwd, and (6) libc.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Compaq Tru64 | =4.0f | |
| Compaq Tru64 | =4.0g | |
| Compaq Tru64 | =5.0a | |
| Compaq Tru64 | =5.1 | |
| Compaq Tru64 | =5.1af |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/archive/1/290115
- http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_su.txt
- http://www.kb.cert.org/vuls/id/193347
- http://www.kb.cert.org/vuls/id/671627
- http://www.kb.cert.org/vuls/id/864083
- http://www.kb.cert.org/vuls/id/177067
- http://www.kb.cert.org/vuls/id/137555
- http://www.securityfocus.com/bid/5379
- http://www.securityfocus.com/bid/5380
- http://www.securityfocus.com/bid/5381
- http://www.securityfocus.com/bid/5382
- http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
- http://archives.neohapsis.com/archives/tru64/2002-q3/0019.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11620
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10614
Frequently Asked Questions
What is the severity of CVE-2002-1616?
CVE-2002-1616 is considered critical due to multiple buffer overflows that allow local users to gain root privileges.
How do I fix CVE-2002-1616?
To fix CVE-2002-1616, you should apply the latest security patches available for the affected versions of HP Tru64 UNIX.
Which versions of HP Tru64 UNIX are affected by CVE-2002-1616?
CVE-2002-1616 affects HP Tru64 UNIX versions 4.0g, 4.0f, 5.0a, 5.1, and 5.1a.
What are the potential impacts of exploiting CVE-2002-1616?
Exploiting CVE-2002-1616 can lead to unauthorized local access, allowing attackers to execute arbitrary code with root privileges.
Is there a workaround for CVE-2002-1616?
A possible workaround for CVE-2002-1616 is to restrict local user access to vulnerable commands until patches can be applied.
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/hp
- canonical/compaq tru64
- version/compaq tru64/4.0f
- version/compaq tru64/4.0g
- version/compaq tru64/5.0a
- version/compaq tru64/5.1
- version/compaq tru64/5.1af