CVE-2001-0979
Description
Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
- (no CPE)range: =11.0
Patches
Vulnerability mechanics
Root cause
"The swverify program contains a buffer overflow vulnerability."
Attack vector
A local user can exploit this vulnerability by providing a command line argument exceeding 6039 bytes to the `swverify` program [ref_id=1]. Since `swverify` is setuid root, a successful exploit allows the local user to execute arbitrary code with root privileges, potentially gaining administrative access to the system [ref_id=1].
Affected code
The vulnerability exists in the `swverify` program, which is part of HP-UX. The exploit code targets this program by passing a large buffer as a command-line argument [ref_id=1].
What the fix does
The advisory does not specify a patch or provide details on how the vulnerability is fixed. Remediation guidance is not available.
Preconditions
- authThe attacker must have local access to the vulnerable system.
- inputThe attacker must be able to execute the `swverify` program with a long command-line argument.
Reproduction
The provided reference write-up includes C source code for an exploit, which can be compiled and executed to demonstrate the vulnerability [ref_id=1].
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
3- www.securityfocus.com/archive/1/211687nvdExploit
- www.securityfocus.com/bid/3279nvdExploitPatchVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/7078nvd
News mentions
0No linked articles in our index yet.