- Description
- Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 6.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:N/A:N
- nvd@nist.gov
- CWE-16
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:bastille:b.02.00.05:*:hp-ux:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "79859BA0-D11B-49EF-B62A-1F7919F609E0"
},
{
"criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "771931F7-9180-4EBD-8627-E1CF17D24647"
},
{
"criteria": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "EDD9BE2B-7255-4FC1-B452-E8370632B03F"
}
],
"operator": "OR"
}
]
}
]