HP StorageWorks Command View XP May Let Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1017959
|
|
SecurityTracker URL: http://securitytracker.com/id?1017959
|
|
CVE Reference: CVE-2007-2275
(Links to External Site)
|
Updated: May 12 2008
|
Original Entry Date: Apr 25 2007
|
Impact: User access via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: HP Security Bulletin
|
Version(s): 5.0.0-00 - 5.1.0-05, 5.5.0-00 - 5.5.0-02
|
Description: A vulnerability was reported in HP StorageWorks Command View XP. A local user may be able to obtain elevated privileges on the target system.
The new user registration and addition functions may allow a local user to access other user accounts. This may allow a local user
to gain elevated privileges on the target system.
The HP StorageWorks XP Replication Monitor and HP StorageWorks XP Tiered Storage
Manager are also affected.
The following models are affected:
HP StorageWorks Command View Device Manager
HP StorageWorks
Command View Global Link Availability Manager
HP StorageWorks Command View Replication Monitor
HP StorageWorks Command View Tiered
Storage Manager
HP StorageWorks Command View Tuning Manager
|
Impact: A local user may be able to obtain elevated privileges on the target system.
|
Solution: HP has issued a fixed version (5.6.0-01), available at:
http://welcome.hp.com/country/us/en/support.html?pageDisplay=drivers
The HP advisory is available at:
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBST02200
|
Cause: Not specified
|
Underlying OS: Windows (NT), Windows (2000), Windows (2003)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 25 Apr 2007 08:23:04 -0400
Subject: HPSBST02200 SSRT071330 rev.1 - HP StorageWorks Command View Advanced Edition for XP, Local Unauthorized Access
|
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBST02200
|
|
