CVE-2006-2574
Description
Multiple unspecified vulnerabilities in HP-UX Software Distributor allow local users to gain elevated privileges on affected versions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Multiple unspecified vulnerabilities in HP-UX Software Distributor allow local users to gain elevated privileges on affected versions.
Vulnerability
The vulnerabilities exist in HP-UX Software Distributor (SD) on versions B.11.00, B.11.04, B.11.11, and B.11.23 [1]. Multiple unspecified flaws allow local users to gain privileges via unknown attack vectors [2]. The exact conditions and configuration required are not publicly detailed, but local access to the system is necessary.
Exploitation
A local user with shell access to the affected HP-UX system can exploit these vulnerabilities without additional authentication or user interaction [1]. The specific steps are not disclosed in the available references, but the attack vectors are local in nature.
Impact
Successful exploitation enables a local user to gain elevated privileges, likely root, compromising the confidentiality, integrity, and availability of the system [2].
Mitigation
HP released patches to address these issues: for HP-UX B.11.00, install patch PHCO_34568; for HP-UX B.11.11, install patch PHCO_34539 [2]. Users of other affected versions should apply corresponding patches from HP. The Avaya advisory ASA-2006-106 references these patches [2]. No workarounds are documented; applying the appropriate patch is recommended.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
5cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.4:*:*:*:*:*:*:*
- Range: HP-UX B.11.00, B.11.04, B.11.11, B.11.23
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvdPatch
- secunia.com/advisories/20230nvdPatchVendor Advisory
- securitytracker.com/idnvdPatch
- secunia.com/advisories/20332nvd
- securityreason.com/securityalert/964nvd
- support.avaya.com/elmodocs2/security/ASA-2006-106.htmnvd
- www.securityfocus.com/archive/1/434838/100/0/threadednvd
- www.securityfocus.com/bid/18098nvd
- www.vupen.com/english/advisories/2006/1947nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/26609nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5568nvd
News mentions
0No linked articles in our index yet.