Analyst readout for executives and security teams
Plain-English summary
This is an old Compaq Tru64 UNIX 5.1 availability flaw. If a vulnerable inetd-managed service fails during startup, inetd may stop accepting connections for all services it controls, creating a network service outage. The bundle does not show data theft or privilege escalation impact.
Executive priority
Treat this as a legacy-system availability risk. It deserves prompt inventory and containment if Tru64 UNIX 5.1 supports business-critical services, but the provided evidence does not support an emergency exploitation claim.
Technical view
CVE-2001-1435 affects inetd on Compaq Tru64 UNIX 5.1. A service handled by inetd can core dump during startup, after which inetd stops accepting connections to all inetd-managed services. The provided sources list no CVSS, CWE, confirmed patch details, or active exploitation evidence.
Likely exposure
Exposure is likely limited to legacy Compaq Tru64 UNIX 5.1 systems that still run inetd-managed network services, especially reachable production or administrative services.
Exploitation context
The source bundle does not indicate KEV listing, public active exploitation, or weaponized exploitation. The described impact is denial of service through inetd service startup failure, not code execution.
Researcher notes
The key evidentiary gaps are severity scoring, exact affected package/build identifiers, and official fix details. The public description is narrow: Tru64 UNIX 5.1 inetd stops accepting connections after an inetd-managed service core dumps during startup.
Mitigation direction
- Identify and prioritize any remaining Tru64 UNIX 5.1 hosts.
- Check Compaq/HP SSRT0708U or trusted vendor archives for official remediation.
- Disable or isolate unnecessary inetd-managed services.
- Restrict network access to required inetd services only.
- Plan retirement or migration for unsupported Tru64 systems.
Validation and detection
- Confirm OS release and inetd use on legacy UNIX assets.
- Review inetd configuration for exposed managed services.
- Check logs and core files for inetd-managed service startup crashes.
- Verify inetd remains responsive after approved maintenance restarts.
- Document compensating controls for any system that cannot be remediated.
Public sources used
Based on public source material and reviewed before publication.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CVE-2001-1435 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Unknown
- CVSS
- Not scored
- Known Exploited
- No
- Published
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS and timeline data
No CVSS vectors or timeline events were available in the normalized CVE source material.
Source materials
- CVE List V5 sourceCVE List V5
- VU#880624CVE reference · third-party-advisory, x_refsource_CERT-VN
- tru64-inetd-dos(6157)CVE reference · vdb-entry, x_refsource_XF
- 20010226 FW: COMPAQ SSRT0708U Security Advisory Tru64 V5.1 (only) inetdCVE reference · mailing-list, x_refsource_BUGTRAQ
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
