CVE-2001-0891

Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16 for CRAY UNICOS and SGI IRIX allows a local user to gain root privileges by using qsub to submit a batch job whose name contains formatting characters.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
ftp://patches.sgi.com/support/free/security/advisories/20020101-01-I	Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=100695627423924&w=2
http://www.osvdb.org/3275
http://www.securityfocus.com/bid/3590
https://exchange.xforce.ibmcloud.com/vulnerabilities/7618

Configurations

Configuration 1 (hide)

cpe:2.3:a:sgi:nqsdaemon:3.3.0.16:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:cray:unicos:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2002-01-31 05:00

Updated : 2024-02-04 16:31

NVD link : CVE-2001-0891

Mitre link : CVE-2001-0891

CVE.ORG link : CVE-2001-0891

JSON object : View

Products Affected

sgi

nqsdaemon

cray

unicos

CWE

NVD-CWE-Other

{"id": "CVE-2001-0891", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-01-31T05:00:00.000", "references": [{"url": "ftp://patches.sgi.com/support/free/security/advisories/20020101-01-I", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=100695627423924&w=2", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/3275", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/3590", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7618", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16 for CRAY UNICOS and SGI IRIX allows a local user to gain root privileges by using qsub to submit a batch job whose name contains formatting characters."}, {"lang": "es", "value": "Vulnerabilidad en el formateado de cadenas en el demonio NQS (nqsdaemon) en NQE 3.3.0.16 para CRAY UNICOS permite que un usuario local obtenga privilegios de root usando qsub para enviar un proceso job cuyo nombre contiene caracteres de formatado."}], "lastModified": "2017-10-10T01:29:55.640", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sgi:nqsdaemon:3.3.0.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F517BBC-025F-475C-8BD4-2AC77D11265B"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cray:unicos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7B7EE1D-BD38-49D6-B58E-34A53EB150C1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}