ISS X-Force Database: hpigniteux-addnewclient-gain-access(21857): HP Ignite UX add_new

HP Ignite UX add_new_client gain access

hpigniteux-addnewclient-gain-access (21857)

High Risk

Description:

Hewlett-Packard Ignite-UX could allow a remote attacker to gain access. A remote attacker could send a specially-crafted request to the add_new_client command to causes some sections of the TFTP server directory tree to be world-writable. A remote attacker could exploit this vulnerability to access files or copy files to the directory or cause a denial of service by consuming all disk space.

Platforms Affected:

HP, HP-UX B.11.00
HP, HP-UX B.11.11
HP, HP-UX B.11.22
HP, HP-UX B.11.23
HP, Ignite-UX

Remedy:

For HP-UX:
Apply patch Ignite-UX-11-00_c.62241, available from the Hewlett-Packard Company Web site. Hewlett-Packard customers can obtain a fix for this vulnerability from the IT Resource Center at the Hewlett-Packard Company Web site. See References.

Consequences:

Gain Access

References:

CIAC Information Bulletin P-277, HP-UX Ignite-UX Remote Unauthorized Access at http://www.ciac.org/ciac/bulletins/p-277.shtml.
Hewlett-Packard Company Web site, IT Resource Center - login / register at http://www1.itrc.hp.com/service/cki/secBullArchive.do?admit=-682735245+1116276188578+28353475.
Ignite-UX Product page, Hewlett-Packard Co. at http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=IGNITEUXB.
VulnWatch Mailing List: Tue Aug 16 2005 - 08:54:37 CDT, Corsaire Security Advisory: HP Ignite-UX filesystem permissions issue at http://archives.neohapsis.com/archives/vulnwatch/2005-q3/0027.html.
BID-14568: HP Ignite-UX Password File Disclosure Vulnerability
BID-14571: HP Ignite-UX TFTP File Upload Vulnerability
CVE-2004-0952: HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption.
SA16456: HP Ignite-UX TFTP Service Two Vulnerabilities
SECTRACK ID: 1014711: HP-UX Ignite-UX File Permission Flaw May Let Remote Users Access and Modify Ignite-UX Client Data

Reported:

Aug 16, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page