Vulnerability Details CVE-2002-1513
The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server runs with the SYSPRV and BYPASS privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.1%
CVSS Severity
CVSS v2 Score 4.6
References
- http://archives.neohapsis.com/archives/bugtraq/2002-10/0010.html
- http://archives.neohapsis.com/archives/compaq/2002-q4/0000.html
- http://online.securityfocus.com/archive/1/293070
- http://www.iss.net/security_center/static/10236.php
- http://www.securityfocus.com/bid/5790
- http://archives.neohapsis.com/archives/bugtraq/2002-10/0010.html
- http://archives.neohapsis.com/archives/compaq/2002-q4/0000.html
- http://online.securityfocus.com/archive/1/293070
- http://www.iss.net/security_center/static/10236.php
- http://www.securityfocus.com/bid/5790
Products affected by CVE-2002-1513
-
cpe:2.3:o:compaq:tcp-ip_services:4.2
-
cpe:2.3:o:compaq:tcp-ip_services:5.0a
-
cpe:2.3:o:compaq:tcp-ip_services:5.1
-
cpe:2.3:o:compaq:tcp-ip_services:5.3