Unrated severityNVD Advisory· Published Nov 23, 2005· Updated Jun 16, 2026

CVE-2005-3779

Description

Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Microfocus/Hpux3 versions
cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*

Patches

Vulnerability mechanics

Root cause

"Unspecified vulnerability in xterm on HP-UX that allows local privilege escalation."

Attack vector

A local user can exploit this unspecified vulnerability in xterm to gain unauthorized access (privilege escalation). The advisory does not describe the attack vector, payload shape, or preconditions beyond requiring local access to the system. No CWE ID is assigned in the bundle, and the advisory provides no details on the nature of the flaw.

Affected code

The vulnerability exists in the xterm binary shipped with HP-UX 11.00, 11.11, and 11.23, specifically within the X11.X11-RUN-CL fileset. The advisory identifies several patch versions (PHSS_32109, PHSS_30791, PHSS_33589, PHSS_31833, PHSS_32366) that contain the vulnerable xterm, but does not specify the exact function or code path at fault.

What the fix does

The advisory does not provide a patch; instead it recommends removing the affected patches (PHSS_32109, PHSS_30791, PHSS_33589, PHSS_31833, PHSS_32366) or replacing the vulnerable /usr/bin/X11/xterm with the older /usr/contrib/bin/X11R5/xterm binary. The rationale is that the older X11R5 version does not contain the vulnerability, but the advisory does not explain what specific defect the patches introduced.

Preconditions

authAttacker must have local access to the HP-UX system
configThe system must run HP-UX B.11.00, B.11.11, or B.11.23 with an affected xterm binary

Generated on Jun 17, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

secunia.com/advisories/17545/nvdVendor Advisory
securitytracker.com/idnvdVendor Advisory
www.vupen.com/english/advisories/2005/2414nvdVendor Advisory
marc.infonvd
www.securityfocus.com/bid/15412nvd
exchange.xforce.ibmcloud.com/vulnerabilities/23161nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1461nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A598nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000