Buffer Overflow in HP CIFS/9000 Client Enables Local Privilege Escalation
CVE-2002-0991

Currently unrated

Key Information:

Vendor: HP
Status: Cifs-9000 Server
Vendor: CVE Published:; 4 October 2002

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A buffer overflow vulnerability exists in the cifslogin command for the HP CIFS/9000 Client version A.01.06 and earlier. This weakness arises from the mishandling of input parameters, specifically the -U, -D, -P, -S, -N, and -u options, allowing local users to execute arbitrary code with root privileges. Exploiting this flaw could lead to unauthorized access and control over the affected systems.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2002-0991
Created by alt3kx

References

http://archives.neohapsis.com/archives/hp/2002-q3/0016.html

vendor-advisoryx_refsource_HP

http://www.iss.net/security_center/static/9431.php

vdb-entryx_refsource_XF

http://archives.neohapsis.com/archives/bugtraq/2002-06/03...

mailing-listx_refsource_BUGTRAQ

Timeline

🟡
Public PoC available
May 11, 2018
👾
Exploit known to exist
May 11, 2018
Vulnerability published
Oct 4, 2002
Vulnerability Reserved
Aug 27, 2002