Published: 27/10/2006 Updated: 19/10/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hp hp-ux 11.23
hp hp-ux 11.4
hp hp-ux 11.00
hp hp-ux 11.11

/* HP-UX swask format string local root exploit * ============================================ * HP-UX 'swask' contains an exploitable format string * vulnerability The 'swask' utility is installed setuid * root by default Specifically the vulnerability is in * the handling of the "-s" optional arguement which is * passed to a format funct ...

NVD-CWE-Other http://blogs.23.nu/prdelka/stories/13144/http://www.securityfocus.com/bid/20726 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5804 https://www.exploit-db.com/exploits/2635 https://nvd.nist.gov https://www.exploit-db.com/exploits/2635/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-5558

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect