SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Other)  >   OpenVMS Vendors:   HPE
HP OpenVMS SMGRTL Run Time Library Bug Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1020851
SecurityTracker URL:  http://securitytracker.com/id/1020851
CVE Reference:   CVE-2008-3540   (Links to External Site)
Updated:  Sep 25 2008
Original Entry Date:  Sep 10 2008
Impact:   User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.2, 7.3, 7.3-2, 8.2, 8.2-1, 8.3
Description:   A vulnerability was reported in HP OpenVMS. A local user can obtain elevated privileges on the target system.

A local user can exploit an unspecified flaw in the SMGRTL Run Time Library to gain elevated privileges.

Impact:   A local user can obtain elevated privileges on the target system.
Solution:   The vendor has issued the following early release patch kits.

HP OpenVMS for Integrity Servers v 8.3-1H1 ECO VMS831H1I_MUP-SMGRTL-V0100
ECO Kit: ftp://ftp.itrc.hp.com/openvms_patches/i64/V8.3-1H1/VMS831H1I_SMGRTL_MUP-V0100.ZIPEXE
ECO Notes: ftp://ftp.itrc.hp.com/openvms_patches/i64/V8.3-1H1/VMS831H1I_SMGRTL_MUP-V0100.txt

HP OpenVMS for Integrity Servers v 8.3 ECO VMS83I_SMGRTL_MUP-V0100
ECO Kit: ftp://ftp.itrc.hp.com/openvms_patches/i64/V8.3/VMS83I_SMGRTL_MUP-V0100.ZIPEXE
ECO Notes: ftp://ftp.itrc.hp.com/openvms_patches/i64/V8.3/VMS83I_SMGRTL_MUP-V0100.txt

HP OpenVMS for Integrity Servers v 8.2-1 ECO VMS821I_SMGRTL_MUP-V0100
ECO Kit: ftp://ftp.itrc.hp.com/openvms_patches/i64/V8.2-1/VMS821I_SMGRTL_MUP-V0100.ZIPEXE
ECO Notes: ftp://ftp.itrc.hp.com/openvms_patches/i64/V8.2-1/VMS821I_SMGRTL_MUP-V0100.txt

HP OpenVMS for Integrity Servers v 8.3 ECO VMS83I_SMGRTL_MUP-V0100
ECO Kit: ftp://ftp.itrc.hp.com/openvms_patches/i64/V8.3/VMS83I_SMGRTL_MUP-V0100.ZIPEXE
ECO Notes: ftp://ftp.itrc.hp.com/openvms_patches/i64/V8.3/VMS83I_SMGRTL_MUP-V0100.txt

HP OpenVMS ALPHA v 8.3 ECO VMS83A_SMGRTL_MUP-V0100
ECO Kit: ftp://ftp.itrc.hp.com/openvms_patches/alpha/V8.3/VMS83A_SMGRTL_MUP-V0100.ZIPEXE
ECO Notes: ftp://ftp.itrc.hp.com/openvms_patches/alpha/V8.3/VMS83A_SMGRTL_MUP-V0100.txt

HP OpenVMS ALPHA v 8.2 ECO VMS82A_SMGRTL_MUP-V0100
ECO Kit: ftp://ftp.itrc.hp.com/openvms_patches/alpha/V8.2/VMS82A_SMGRTL_MUP-V0100.ZIPEXE
ECO Notes: ftp://ftp.itrc.hp.com/openvms_patches/alpha/V8.2/VMS82A_SMGRTL_MUP-V0100.txt

HP OpenVMS ALPHA v 7.3-2 ECO VMS732_SMGRTL_MUP-V0100
ECO Kit: ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/VMS732_SMGRTL_MUP-V0100.ZIPEXE
ECO Notes: ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/VMS732_SMGRTL_MUP-V0100.txt

HP OpenVMS ALPHA v 6.2 ECO ALPSMGRMUP01_062
ECO Kit: ftp://ftp.itrc.hp.com/openvms_patches/alpha/V6.2X/ALPSMGRMUP01_062.A-DCX_AXPEXE
ECO Notes: ftp://ftp.itrc.hp.com/openvms_patches/alpha/V6.2X/ALPSMGRMUP01_062.txt

HP OpenVMS VAX v 7.3 ECO VAXSMGRMUP01_073
ECO Kit: ftp://ftp.itrc.hp.com/openvms_patches/vax/V7.3/VAXSMGRMUP01_073.ZIPEXE
ECO Notes: ftp://ftp.itrc.hp.com/openvms_patches/vax/V7.3/VAXSMGRMUP01_073.txt

HP OpenVMS VAX v 6.2 ECO VAXSMGRMUP01_062
ECO Kit: ftp://ftp.itrc.hp.com/openvms_patches/vax/V6.2/VAXSMGRMUP01_062.A-DCX_VAXEXE
ECO Notes: ftp://ftp.itrc.hp.com/openvms_patches/vax/V6.2/VAXSMGRMUP01_062.txt

The vendor's advisory is available at:

https://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01539423

Vendor URL:  www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01539423 (Links to External Site)
Cause:   Not specified

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC