CVE-2017-17482

7.8HIGH

Key Information:

Vendor
HP
Status
Openvms
Vendor
CVE Published:
7 February 2018

Summary

An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A malformed DCL command table may result in a buffer overflow allowing a local privilege escalation when a non-privileged account enters a crafted command line. This bug is exploitable on VAX and Alpha and may cause a process crash on IA64. Software was affected regardless of whether it was directly shipped by VMS Software, Inc. (VSI), HPE, HP, Compaq, or Digital Equipment Corporation.

References

https://groups.google.com/forum/#%21topic/comp.os.vms/BYI...
x_refsource_MISC
http://www.openvms.org/node/121
x_refsource_MISC
https://www.theregister.co.uk/2018/02/06/openvms_vulnerab...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.