Back to search
CVE-2007-0394
Published: Jan 19, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20070118 Multiple OS kernel insecure handling of stdio file descriptor
mailing-list
x_refsource_BUGTRAQ
20070118 Re: Multiple OS kernel insecure handling of stdio file descriptor
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now