VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 23, 2004· Updated Apr 16, 2026

CVE-2004-1375

CVE-2004-1375

Description

Local privilege escalation in HP-UX SAM on B.11.00, B.11.11, B.11.22, and B.11.23 allows an attacker to gain elevated privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Local privilege escalation in HP-UX SAM on B.11.00, B.11.11, B.11.22, and B.11.23 allows an attacker to gain elevated privileges.

Vulnerability

An unknown vulnerability exists in the System Administration Manager (SAM) on HP-UX B.11.00, B.11.11, B.11.22, and B.11.23. The affected filesets include InternetSrvcs.INETSVCS-BOOT, OS-Core.UX-CORE, SystemAdmin-OBAM-RUN, and System.Admin.SAM (depending on the version) [1]. The exact nature of the flaw is not publicly disclosed, but it is reachable by a local user through the SAM interface.

Exploitation

A local attacker needs only a user account on the affected HP-UX system. No special privileges or authentication are required beyond standard local access. The attacker can trigger the vulnerability by using the SAM command or related utilities, leading to privilege escalation. The specific steps are not detailed in the available references [1].

Impact

Successful exploitation allows a local attacker to gain elevated privileges, potentially root-level access, on the affected HP-UX system. This could lead to full compromise of the system, including access to sensitive data and the ability to modify system configuration [1].

Mitigation

HP has released patches to address this vulnerability: PHCO_28125 for B.11.00, PHSS_31240 for B.11.11, PHSS_31243 for B.11.22, and PHSS_31817 for B.11.23 [1]. Administrators should apply the appropriate patch as soon as possible. No workaround is mentioned in the available references [1].

References
  1. '[ Security Bulletin ] SSRT4699 rev.0 HP-UX SAM local privilege increase'

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

5
  • Microfocus/Hpux5 versions
    cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
    • cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
    • cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*
    • cpe:2.3:o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*
    • cpe:2.3:o:hp:hp-ux:11.4:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.