CVE-2002-1604

Name: CVE-2002-1604
Creator: NVD / NIST
Published: 2002-09-02T04:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 14.97%

Last modified Jun 16, 2026

CVE-2002-1604 is a vulnerability of currently unknown severity. Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.. EPSS estimates a 14.97% chance of exploitation in the next 30 days.

Description

Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.

Metrics

EPSS Probability

14.97%

96.3th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Hp	Hp-Ux	10.20
Hp	Hp-Ux	11.00
Hp	Hp-Ux	11.04
Hp	Hp-Ux	11.11
Hp	Hp-Ux	11.22
Hp	Tru64	4.0f
Hp	Tru64	4.0g
Hp	Tru64	5.0a
Hp	Tru64	5.1
Hp	Tru64	5.1a

References

http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_nlspath.txtExploit
http://www.kb.cert.org/vuls/id/158499Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/416427Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/437899Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/448987Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/531355Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/567963Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/584243Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/592515Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/846307Third Party Advisory, US Government Resource
http://www.securityfocus.com/archive/1/290115
http://www.securityfocus.com/bid/5647
https://exchange.xforce.ibmcloud.com/vulnerabilities/10016
http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_nlspath.txtExploit
http://www.kb.cert.org/vuls/id/158499Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/416427Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/437899Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/448987Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/531355Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/567963Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/584243Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/592515Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/846307Third Party Advisory, US Government Resource
http://www.securityfocus.com/archive/1/290115
http://www.securityfocus.com/bid/5647
https://exchange.xforce.ibmcloud.com/vulnerabilities/10016

Timeline

Published: Sep 2, 2002
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2002-1604?

How severe is CVE-2002-1604?

Severity scoring for CVE-2002-1604 is pending analysis. The EPSS model estimates a 14.97% probability of exploitation in the next 30 days.

How do I fix CVE-2002-1604?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2002-1604?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST