发布时间 :2006-03-29 20:06:00
修订时间 :2011-03-07 21:33:13

[原文]/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service.

[CNNVD]HP-UX Passwd不明本地拒绝服务漏洞(CNNVD-200603-497)

        在HP-UX B.11.00, B.11.11,和20060326之前版本B.11.23的/sbin/passwd "没有从一些出错状态下完全恢复",从而本地用户可制造一个拒绝服务。

- CVSS (基础分值)

CVSS分值: 4.9 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:hp:hp-ux:11.00HP-UX 11.00
cpe:/o:hp:hp-ux:11.11HP-UX 11.11

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:1690passwd Local DoS Vulnerability (B.11.23)
oval:org.mitre.oval:def:1660passwd Local DoS Vulnerability (B.11.11)
oval:org.mitre.oval:def:1412HP-UX passwd(1) Local Denial of Service (DoS)

- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(PATCH)  BID  17280
(UNKNOWN)  VUPEN  ADV-2006-1208
(UNKNOWN)  XF  hpux-passwd-dos(25596)

- 漏洞信息

HP-UX Passwd不明本地拒绝服务漏洞
中危 其他
2006-03-29 00:00:00 2006-03-30 00:00:00
        在HP-UX B.11.00, B.11.11,和20060326之前版本B.11.23的/sbin/passwd "没有从一些出错状态下完全恢复",从而本地用户可制造一个拒绝服务。

- 公告与补丁


- 漏洞信息

HP-UX passwd Unspecified Local DoS
Denial of Service
Loss of Availability Patch / RCS

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-03-26 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

HP-UX Passwd Unspecified Local Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 17280
No Yes
2006-03-28 12:00:00 2007-06-27 08:28:00
Reported by the vendor.

- 受影响的程序版本

HP HP-UX B.11.23
HP HP-UX B.11.11
HP HP-UX B.11.04
HP HP-UX B.11.00

- 漏洞讨论

HP-UX passwd(1) is prone to an unspecified local denial-of-service vulnerability.

This issue arises because the software fails to handle exceptional conditions in a proper manner.

Due to a lack of details, further information cannot be provided at the moment. This BID will be updated when more information becomes available.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at:

- 解决方案

HP advisory HPSBUX02103 (SSRT5953 rev.3 - HP-UX passwd(1) Local Denial of Service (DoS)) is available to address this issue. Please see the references for more information.

- 相关参考