Description
HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/457279/100/0/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/457315/100/0/threaded
Scores
EPSS
0.0010
EPSS Percentile
26.7%
Details
Status
published
Products (1)
hp/hp-ux
11.11
Published
Jan 19, 2007
Tracked Since
Feb 18, 2026