HP-UX Incorrect Password Status Bug in logins Command Lets Remote User Gain Access
|
|
SecurityTracker Alert ID: 1018709 |
|
SecurityTracker URL: http://securitytracker.com/id/1018709
|
|
CVE Reference:
CVE-2007-5008
(Links to External Site)
|
Updated: Mar 20 2008
|
Original Entry Date: Sep 19 2007
|
Impact:
User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): B.11.11, B.11.23, B.11.31
|
Description:
A vulnerability was reported in HP-UX in the logins(1M) command. A remote user can gain access to the target system.
The logins(1M) command does not properly report password status. As a result, "password issues" may not be detected and a remote user may be able to exploit this to gain remote access.
|
Impact:
A remote user can gain access to the target system.
|
Solution:
The vendor has issued the following patches, available at:
http://itrc.hp.com
For B.11.11: PHCO_36809 or subsequent
For B.11.23: PHCO_36808 or subsequent
For B.11.31: PHCO_36003 or subsequent
The HP advisory is available at:
https://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c01167886
|
Vendor URL: www1.itrc.hp.com/service/cki/docDisplay.do?docId=c01167886 (Links to External Site)
|
Cause:
State error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 19 Sep 2007 14:58:26 -0400
Subject: HPSBUX02259 SSRT071439 rev.1 - HP-UX Running logins(1M), Remote Unauthorized Access
|
https://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c01167886
|
|
