CVE-2003-1099
https://notcve.org/view.php?id=CVE-2003-1099
shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack. • http://secunia.com/advisories/10339 http://www.ciac.org/ciac/bulletins/o-032.shtml http://www.kb.cert.org/vuls/id/509454 http://www.kb.cert.org/vuls/id/CRDY-5VFQA3 http://www.securityfocus.com/bid/9141 https://exchange.xforce.ibmcloud.com/vulnerabilities/13882 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5788 •
CVE-2003-1356
https://notcve.org/view.php?id=CVE-2003-1356
The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain access or cause a denial of service via unknown vectors. • http://archives.neohapsis.com/archives/hp/2003-q1/0009.html http://www.securityfocus.com/bid/6640 https://exchange.xforce.ibmcloud.com/vulnerabilities/11107 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5758 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2003-1461 – HP-UX 11 RWrite - Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-1461
Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473). • https://www.exploit-db.com/exploits/22561 http://securityreason.com/securityalert/3283 http://www.securityfocus.com/archive/1/320323 http://www.securityfocus.com/archive/1/320371 http://www.securityfocus.com/bid/7489 https://exchange.xforce.ibmcloud.com/vulnerabilities/11919 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4897 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2003-0914
https://notcve.org/view.php?id=CVE-2003-0914
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value. ISC BIND 8.3.x antes de 8.3.7, y 8.4.x antes de 8.4.3 permite a atacantes remotos envenenar la cache mediante un servidor de nombres malicioso que devuelve respuestas negativas con un valor TTL (time to live) largo. • ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-003.0/CSSA-2004-003.0.txt ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33/CSSA-2003-SCO.33.txt http://secunia.com/advisories/10542 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57434 http://www.debian.org/security/2004/dsa-409 http://www.kb.cert.org/vuls/id/734644 http://www.trustix.org/errata/misc/2003/TSL-2003-0044-bind.asc.txt https://oval.cisecurity.org/repository& •
CVE-2003-0951
https://notcve.org/view.php?id=CVE-2003-0951
Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate certificates that are provided by the cimserver, which allows attackers to obtain sensitive data or gain privileges. Partition Manager (parmgr) en HP-UX B.11.23 no validad apropiadamente los certificados proporcionados por cimserver, lo que permite que atacantes obtengan datos importantes o que ganen privilegios. • http://archives.neohapsis.com/archives/hp/2003-q4/0041.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5146 •