The UCX POP server in HP TCP/IP services for OpenVMS 4.2 up to and including 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server runs with the SYSPRV and BYPASS privileges.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
compaq tcp-ip services 4.2 |
||
compaq tcp-ip services 5.0a |
||
compaq tcp-ip services 5.1 |
||
compaq tcp-ip services 5.3 |