CVE-2003-1358

Hp-ux - Access Control

Title source: rule

Description

rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Last Stage of Delirium · bashlocalhp-ux

https://www.exploit-db.com/exploits/22248

View Code ZIP pw:eip

References (5)

[Exploit] http://www.securityfocus.com/bid/6837

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/advisories/4960

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/324381

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/11312

[Third Party Advisory] http://securityreason.com/securityalert/3236

Scores

EPSS 0.0081

EPSS Percentile 74.2%

Details

CWE

CWE-264

Status published

Products (17)

hp/hp-ux 10.00

hp/hp-ux 10.01

hp/hp-ux 10.08

hp/hp-ux 10.09

hp/hp-ux 10.10

hp/hp-ux 10.16

hp/hp-ux 10.20

hp/hp-ux 10.24

hp/hp-ux 10.26

hp/hp-ux 10.30

... and 7 more

Published Dec 31, 2003

Tracked Since Feb 18, 2026