SecurityTracker.com
Category:   Application (Generic)  >   HPE Ignite-UX
Vendors:   HPE
HP-UX Ignite-UX File Permission Flaw May Let Remote Users Access and Modify Ignite-UX Client Data
SecurityTracker Alert ID:  1014711
SecurityTracker URL:  http://securitytracker.com/id/1014711
CVE Reference:   CVE-2004-0951, CVE-2004-0952
Updated:  Jun 8 2008
Original Entry Date:  Aug 16 2005
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to C.6.2.241
Description:   A vulnerability was reported in HP-UX Ignite-UX. A remote user may be able to access the system.

Unsafe file permissions on HP-UX systems running Ignite-UX may allow a remote user to access and modify Ignite-UX client data on the target Ignite-UX server.

The 'add_new_client' command may cause sections of the TFTP server tree to be configured with world-writeable permissions [CVE-2004-0952].

The 'make_recovery' command causes a copy of the /etc/passwd file to be created in the TFTP server tree, allowing remote users to access the file.

The vendor was notified on November 23, 2004.

The vendor credits Corsaire Limited with reporting this vulnerability.

Impact:   A remote user may be able to access and modify Ignite-UX client data on the target Ignite-UX server.
Solution:   The vendor has issued a fixed version of Ignite-UX (C.6.2.241), available at:

http://www.hp.com/go/softwaredepot

Ignite-UX-11-00_C.6.2.241_HP-UX_B.11.00_32+64.depot
Ignite-UX-11-11_C.6.2.241_HP-UX_B.11.00_32+64.depot
Ignite-IA-11-22_C.6.2.241_HP-UX_B.11.00_32+64.depot
Ignite-UX-11-23_C.6.2.241_HP-UX_B.11.00_32+64.depot

or

Ignite-UX_All_C.6.2.241.depot (contains all four depots)

Vendor URL:  www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01219
Cause:   Access control error, Configuration error
Underlying OS:  UNIX (HP/UX)
Underlying OS Comments:  11.00, 11.11, 11.22, and 11.23
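
An added audit check for the two conditions described above (not part of the SecurityTracker entry or the vendor's fix): it scans a TFTP-served directory for world-writable entries and for world-readable files whose first line looks like a passwd entry. The function name, output labels and content heuristic are assumptions of this example; the tree path is passed in by the operator because the advisory does not name it.

```shell
#!/bin/sh
# Added example: audit a TFTP-served tree for the two conditions in this
# advisory. The tree path comes from the caller; no Ignite-UX path is assumed.

# Prints one finding per line.
# Returns 0 if the tree is clean, 1 if anything was found, 2 on bad input.
audit_tftp_tree() {
    root=$1
    [ -d "$root" ] || { echo "ERROR not a directory: $root" >&2; return 2; }
    findings=$(
        # World-writable files and directories (other-write bit set), the
        # condition attributed to add_new_client. Symlinks are skipped
        # because their own mode bits are not meaningful.
        find "$root" ! -type l -perm -0002 -print | sed 's/^/WORLD_WRITABLE /'

        # Regular files readable by "other" whose first line has the seven
        # colon-separated fields of a passwd entry with numeric UID and GID,
        # the condition attributed to make_recovery. Matching on content
        # (a heuristic) catches copies regardless of file name.
        find "$root" -type f -perm -0004 -print | while IFS= read -r f; do
            if head -n 1 "$f" 2>/dev/null |
               grep -Eq '^[^:]+:[^:]*:[0-9]+:[0-9]+:[^:]*:[^:]*:[^:]*$'; then
                echo "PASSWD_COPY $f"
            fi
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run as a script: sh audit.sh <tftp-root>
if [ "$#" -gt 0 ]; then
    audit_tftp_tree "$1"
fi
```

A non-zero exit status makes the check usable from cron or a configuration-management run, both before and after installing the fixed depot.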

Message History:   None.



Copyright 2021, SecurityGlobal.net LLC