Open Group CDE Common Desktop Environment 2.0 dtspcd libDtSvc.so.1 memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.3 | $0-$5k | 0.00 |
Summary
A vulnerability classified as critical has been found in Open Group CDE Common Desktop Environment 2.0. Affected by this issue is some unknown functionality in the library libDtSvc.so.1 of the component dtspcd. Performing a manipulation results in memory corruption. This vulnerability is reported as CVE-2001-0803. Moreover, an exploit is present. To fix this issue, it is recommended to deploy a patch.
Details
A vulnerability classified as very critical has been found in Open Group CDE Common Desktop Environment 2.0. This affects some unknown processing in the library libDtSvc.so.1 of the component dtspcd. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.
The weakness was disclosed 12/06/2001 with ISS X-Force as confirmed advisory (CERT.org). It is possible to read the advisory at kb.cert.org. This vulnerability is uniquely identified as CVE-2001-0803. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details and a public exploit are known. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 01/07/2025).
A public exploit has been developed in Perl Module. The exploit is shared for download at securityfocus.com. It is declared as highly functional. The vulnerability scanner Nessus provides a plugin with the ID 16917 (HP-UX PHSS_25787 : HP-UX running CDE dtspcd, Remote Unauthorized Access, Increased Privilege, Arbitrary Code Execution (HPSBUX00175 SSRT071388 rev.5)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family HP-UX Local Security Checks and running in the context l.
Applying a patch is able to eliminate this problem. A possible mitigation has been published 2 weeks after the disclosure of the vulnerability. Attack attempts may be identified with Snort ID 1398. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 3474.
The vulnerability is also documented in the databases at X-Force (7396), Exploit-DB (9923), Tenable (16917), SecurityFocus (BID 3517†) and Vulnerability Center (SBV-349†). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 10.0VulDB Meta Temp Score: 9.3
VulDB Base Score: 10.0
VulDB Temp Score: 9.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Highly functional
Programming Language: 🔍
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 16917
Nessus Name: HP-UX PHSS_25787 : HP-UX running CDE dtspcd, Remote Unauthorized Access, Increased Privilege, Arbitrary Code Execution (HPSBUX00175 SSRT071388 rev.5)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Nessus Port: 🔍
OpenVAS ID: 56186
OpenVAS Name: HP-UX Update for CDE dtspcd HPSBUX00175
OpenVAS File: 🔍
OpenVAS Family: 🔍
MetaSploit ID: heap_noir.rb
MetaSploit Name: Solaris dtspcd Heap Overflow
MetaSploit File: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Snort ID: 1398
Snort Message: SERVER-OTHER CDE dtspcd exploit attempt
Snort Class: 🔍
Suricata ID: 2101398
Suricata Class: 🔍
Suricata Message: 🔍
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
SourceFire IPS: 🔍
ISS Proventia IPS: 🔍
PaloAlto IPS: 🔍
Timeline
11/06/2001 🔍11/06/2001 🔍
12/06/2001 🔍
12/06/2001 🔍
12/18/2001 🔍
12/12/2002 🔍
02/16/2005 🔍
07/10/2014 🔍
01/07/2025 🔍
Sources
Advisory: kb.cert.orgOrganization: ISS X-Force
Status: Confirmed
CVE: CVE-2001-0803 (🔍)
GCVE (CVE): GCVE-0-2001-0803
GCVE (VulDB): GCVE-100-17667
OVAL: 🔍
IAVM: 🔍
CERT: 🔍
X-Force: 7396 - Multi-vendor CDE dtspcd daemon buffer overflow
SecurityFocus: 3517 - Multiple Vendor CDE dtspcd Buffer Overflow Vulnerability
Vulnerability Center: 349 - Buffer Overflow in CDE dtspcd Allows Arbitrary Command Execution, Critical
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 07/10/2014 17:06Updated: 01/07/2025 21:03
Changes: 07/10/2014 17:06 (97), 05/06/2019 12:54 (3), 12/15/2024 02:34 (16), 01/07/2025 21:03 (1)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.