HP NonStop Server Lets Local Users Access Restricted Files in Certain Cases
|
|
SecurityTracker Alert ID: 1017135 |
|
SecurityTracker URL: http://securitytracker.com/id/1017135
|
|
CVE Reference:
CVE-2006-5704
(Links to External Site)
|
Updated: Jun 3 2008
|
Original Entry Date: Oct 31 2006
|
Impact:
Disclosure of system information, Disclosure of user information, User access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): G06.29
|
Description:
A vulnerability was reported in HP NonStop Server. A local user can access restricted files on the target system.
The system does not properly evaluate access permissions on OSS directories when there is no optional access control list (ACL) entry assigned. This may allow a local user to gain unauthorized access to files and directories.
|
Impact:
A local user can gain unauthorized access to files and directories.
|
Solution:
The vendor has issued a fixed version (G06.29.02).
The HP advisory is available at:
http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00795238
|
Vendor URL: www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00795238 (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 31 Oct 2006 01:24:53 -0500
Subject: HPSBNS02166 SSRT061255 rev.1 - HP NonStop Server running G06.29, Local Unauthorized Access
|
http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00795238
|
|
