SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   HPE NonStop Server Vendors:   HPE
HP NonStop Server Lets Local Users Access Restricted Files in Certain Cases
SecurityTracker Alert ID:  1017135
SecurityTracker URL:  http://securitytracker.com/id/1017135
CVE Reference:   CVE-2006-5704   (Links to External Site)
Updated:  Jun 3 2008
Original Entry Date:  Oct 31 2006
Impact:   Disclosure of system information, Disclosure of user information, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): G06.29
Description:   A vulnerability was reported in HP NonStop Server. A local user can access restricted files on the target system.

The system does not properly evaluate access permissions on OSS directories when there is no optional access control list (ACL) entry assigned. This may allow a local user to gain unauthorized access to files and directories.

Impact:   A local user can gain unauthorized access to files and directories.
Solution:   The vendor has issued a fixed version (G06.29.02).

The HP advisory is available at:

http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00795238

Vendor URL:  www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00795238 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC