CVE-2005-3277

HP-UX 10.20 11.11 (11i) and earlier - Remote Code Execution via LPD Service Shell Metacharacter Injection

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3277. PoCs published by H D Moore.

AI-analyzed exploit summary This exploit targets an unpublished vulnerability in the HP-UX LPD service, allowing unauthenticated remote command execution with root privileges. It leverages a second connection to inject commands via backticks in a job request.

Description

The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different vulnerability than CVE-2002-1473.

Exploits (1)

exploitdb WORKING POC VERIFIED
by H D Moore · remotehp-ux
https://www.exploit-db.com/exploits/1261

This exploit targets an unpublished vulnerability in the HP-UX LPD service, allowing unauthenticated remote command execution with root privileges. It leverages a second connection to inject commands via backticks in a job request.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: HP-UX LPD service (pre-HPSBUX0208-213 patch)
No auth needed
Prerequisites: Target must resolve attacker's IP · LPD service must be running on port 515
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory x_refsource_misc
http://archives.neohapsis.com/archives/hp/2002-q3/0064.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15136

Scores

EPSS 0.1893
EPSS Percentile 96.9%

Details

Status published
Products (3)
hp/hp-ux 10.20
hp/hp-ux 11.00
hp/hp-ux 11.11
Published Oct 21, 2005
Tracked Since Feb 18, 2026