CVE-2002-1604 | Vulnerability Database | Aqua Security

Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.

Affected Software

Name	Vendor	Start Version	End Version
Hp-ux	Hp	10.20 (including)	10.20 (including)
Hp-ux	Hp	11.00 (including)	11.00 (including)
Hp-ux	Hp	11.04 (including)	11.04 (including)
Hp-ux	Hp	11.11 (including)	11.11 (including)
Hp-ux	Hp	11.22 (including)	11.22 (including)
Tru64	Hp	4.0f (including)	4.0f (including)
Tru64	Hp	4.0g (including)	4.0g (including)
Tru64	Hp	5.0a (including)	5.0a (including)
Tru64	Hp	5.1 (including)	5.1 (including)
Tru64	Hp	5.1a (including)	5.1a (including)

References

http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml\u0026dt=11
http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_nlspath.txt
http://www.kb.cert.org/vuls/id/158499
http://www.kb.cert.org/vuls/id/416427
http://www.kb.cert.org/vuls/id/437899
http://www.kb.cert.org/vuls/id/448987
http://www.kb.cert.org/vuls/id/531355
http://www.kb.cert.org/vuls/id/567963
http://www.kb.cert.org/vuls/id/584243
http://www.kb.cert.org/vuls/id/592515
http://www.kb.cert.org/vuls/id/846307
http://www.securityfocus.com/archive/1/290115
http://www.securityfocus.com/bid/5647
https://exchange.xforce.ibmcloud.com/vulnerabilities/10016

NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-1604
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html