HP Tru64 UNIX ps Command Discloses Potentially Sensitive Information to Local Users
|
SecurityTracker Alert ID: 1018005 |
SecurityTracker URL: http://securitytracker.com/id/1018005
|
CVE Reference:
CVE-2007-0805
(Links to External Site)
|
Updated: May 12 2008
|
Original Entry Date: May 4 2007
|
Impact:
Disclosure of system information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 4.0F PK8, 4.0G PK4, 5.1A PK6, 5.1B-3, 5.1B-4
|
Description:
A vulnerability was reported in the 'ps' command on HP Tru64 UNIX. A local user can view potentially sensitive information.
A local user can invoke the command to view information about the arguments and environment variables of a process.
|
Impact:
A local user can view potentially sensitive information about a process.
|
Solution:
The vendor has issued the following Early Release Patch kits.
HP Tru64 UNIX Version v5.1B-4 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001143-V51BB27-ES-20070305
Name: T64KIT1001143-V51BB27-ES-20070305
MD5 Checksum: 44b15d10895cf0606003a572b3310f9a
HP Tru64 UNIX Version v5.1B-3 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001144-V51BB26-ES-20070305
Name: T64KIT1001144-V51BB26-ES-20070305
MD5 Checksum: 67cfabb7cd3c422e2dc6bb6ed3d7d290
HP Tru64 UNIX Version v5.1A PK6 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001145-V51AB24-ES-20070305
Name: T64KIT1001145-V51AB24-ES-20070305
MD5 Checksum: de6885b166dba703af862ce05431e5cc
HP Tru64 UNIX Version v4.0G PK4 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001179-V40GB22-ES-20070330
Name: T64KIT1001179-V40GB22-ES-20070330
MD5 Checksum: 31129e60bb01ffdea015312c0e019fae
HP Tru64 UNIX Version v4.0F PK8 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001180-V40FB22-ES-20070330
Name: DUXKIT1001180-V40FB22-ES-20070330
MD5 Checksum: db9d634bb27f02642e00f149d6ebb8ee
The HP advisory is available at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00817515
|
Vendor URL: h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00817515 (Links to External Site)
|
Cause:
Access control error
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|