CVE-2002-1473

HP-UX 10.20-11.11 - Buffer Overflow in lp Subsystem

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2002-1473. PoCs published by Metasploit, H D Moore, hdm, including Metasploit module exploits/hpux/lpd/cleanup_exec.

AI-analyzed exploit summary This Metasploit module exploits an unpublished vulnerability in HP-UX LPD service (CVE-2002-1473) to execute arbitrary commands as root. It sends a malformed job request with an embedded payload, followed by a fake control file, and triggers a cleanup routine hijack.

Description

Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotehp-ux

https://www.exploit-db.com/exploits/16927

View Code ZIP pw:eip

This Metasploit module exploits an unpublished vulnerability in HP-UX LPD service (CVE-2002-1473) to execute arbitrary commands as root. It sends a malformed job request with an embedded payload, followed by a fake control file, and triggers a cleanup routine hijack.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP-UX LPD service (pre-HPSBUX0208-213 patch)

No auth needed

Prerequisites: Network access to target's LPD service (port 515) · Target must resolve attacker's IP

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by H D Moore · rubyremotehp-ux

https://www.exploit-db.com/exploits/10034

View Code ZIP pw:eip

This Metasploit module exploits an unpublished vulnerability in the HP-UX LPD service (CVE-2002-1473) to achieve remote command execution as root. It sends a malformed job request with an embedded command payload, followed by a fake control file, and triggers an error to hijack the cleanup routine.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP-UX LPD service (versions affected by CVE-2002-1473)

No auth needed

Prerequisites: Target must be running a vulnerable HP-UX LPD service · Attacker's IP must be resolvable by the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by hdm · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/hpux/lpd/cleanup_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits an unpublished vulnerability in the HP-UX LPD service (CVE-2002-1473) to achieve remote command execution as root. It sends a malformed job request with an embedded payload, followed by a fake control file, and triggers a cleanup routine hijack.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP-UX LPD service (pre-HPSBUX0208-213 patch)

No auth needed

Prerequisites: Target must resolve attacker's IP · LPD service must be running on port 515

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Patch, Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/9992.php

Patch, Vendor Advisory vendor-advisory x_refsource_hp

http://archives.neohapsis.com/archives/hp/2002-q3/0064.html

Scores

EPSS 0.0443

EPSS Percentile 90.1%

Details

Status published

Products (3)

hp/hp-ux 10.20

hp/hp-ux 11.00

hp/hp-ux 11.11

Published Apr 22, 2003

Tracked Since Feb 18, 2026