ISS X-Force Database: hpux-mkdir-unauth-access(27583): HP-UX mkdir unauthorized access

HP-UX mkdir unauthorized access

hpux-mkdir-unauth-access (27583)

Medium Risk

Description:

An unspecified vulnerability in the HP-UX mkdir command could allow a local attacker to gain unauthorized access to the system.

Platforms Affected:

HP, HP-UX B.11.00
HP, HP-UX B.11.04
HP, HP-UX B.11.11
HP, HP-UX B.11.23

Remedy:

Refer to Hewlett-Packard Company Security Bulletin HPSBUX02128 SSRT5996 for patch or upgrade information. See References.

Consequences:

Bypass Security

References:

BugTraq Mailing List, Fri Jun 30 2006 - 14:03:57 CDT, [security bulletin] HPSBUX02128 SSRT5996 - rev.1 HP-UX mkdir(1) Local Unauthorized Access at http://archives.neohapsis.com/archives/bugtraq/2006-07/0009.html.
Hewlett-Packard Company Security Bulletin HPSBUX02128 SSRT5996, HP-UX mkdir(1) Local Unauthorized Access at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00705390.
ASA-2006-138: HP-UX mkdir Local Unauthorized Access
BID-18748: HP-UX Mkdir Local Unauthorized Access Vulnerability
CVE-2006-3335: Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows local users to gain privileges via unknown attack vectors.
SA20934: HP-UX mkdir Unspecified Unauthorized Access Vulnerability
SA21514: Avaya PDS HP-UX mkdir Unspecified Unauthorized Access
SECTRACK ID: 1016410: HP-UX mkdir Unspecified Bug Lets Local Users Gain Unauthorized Access
VUPEN/ADV-2006-2614: HP-UX mkdir Command Unspecified Local Unauthorized Access Vulnerability

Reported:

Jun 28, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page