CVE-2002-2263 - The installation program for HP-UX Visualize Conference B.11.00.11 running on HP-UX 11.00 and 11.11

CVE-2002-2263

Summary

The installation program for HP-UX Visualize Conference B.11.00.11 running on HP-UX 11.00 and 11.11 installs /etc/dt and its subdirecties with insecure permissions, which allows local users to read or write arbitrary files.

References

http://www.securityfocus.com/advisories/4766
http://www.securityfocus.com/bid/6357
https://exchange.xforce.ibmcloud.com/vulnerabilities/10838

Vulnerable Configurations

cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
cpe:2.3:a:hp:visualize_conference_ftp:b.11.00.11:*:*:*:*:*:*:*
cpe:2.3:a:hp:visualize_conference_ftp:b.11.00.11:*:*:*:*:*:*:*

CVSS

Base:	6.6 (as of 29-07-2017 - 01:29)
Impact:
Exploitability:

CWE

CWE-16

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:N

refmap via4

bid	6357
hp	HPSBUX0212-232
xf	hp-vizualizeconf-insecure-permissions(10838)

Last major update

29-07-2017 - 01:29

Published

31-12-2002 - 05:00

Last modified

29-07-2017 - 01:29