CVE-2017-17482

Published: Feb 7, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A malformed DCL command table may result in a buffer overflow allowing a local privilege escalation when a non-privileged account enters a crafted command line. This bug is exploitable on VAX and Alpha and may cause a process crash on IA64. Software was affected regardless of whether it was directly shipped by VMS Software, Inc. (VSI), HPE, HP, Compaq, or Digital Equipment Corporation.

Affected (4)

Products: Hp: Openvms

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Hp Openvms	Up to 8.4-2l1
Hp Openvms	Up to 8.4-2l1
Hp Openvms	From 4.0
Hp Openvms	From 4.0

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (6)

http://www.openvms.org/node/121

Source: cve@mitre.org

Vendor Advisory

https://groups.google.com/forum/#%21topic/comp.os.vms/BYIUQ0lJ-s0

Source: cve@mitre.org

https://www.theregister.co.uk/2018/02/06/openvms_vulnerability/

Source: cve@mitre.org

Third Party Advisory

http://www.openvms.org/node/121

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://groups.google.com/forum/#%21topic/comp.os.vms/BYIUQ0lJ-s0

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.theregister.co.uk/2018/02/06/openvms_vulnerability/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.