Category:   Application (Generic)  >   HPE Ignite-UX
Vendors:   HPE
HP-UX Ignite-UX/DynRootDisk get_system_info Command Bug Lets Local Users Modify the Network Configuration
SecurityTracker Alert ID:  1018607
SecurityTracker URL:
CVE Reference:   CVE-2007-4590
Updated:  Mar 26 2008
Original Entry Date:  Aug 27 2007
Impact:   Modification of system information
Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in HP-UX running Ignite-UX or DynRootDisk. A local user can modify system networking parameters on the target system.

A local user can exploit a flaw in the get_system_info command to make changes to system networking parameters.

Systems running Ignite-UX vC.7.0, vC.7.1, vC.7.2, vC.7.3 or the DynRootDisk (DRD) vA., vA., vA., or vA. are affected.

Impact:   A local user can modify network configuration parameters on the target system.
Solution:   The vendor is working on a fix. HP has described the following workaround [quoted]:

Until an update is available, HP has made the following procedure available to resolve the issue.

1. Download the script "get_system_info.wrapper" from the following ftp site:

2. Verify the cksum or md5 sum:
cksum: 3713651406 5189 get_system_info.wrapper
MD5 (get_system_info.wrapper) = 99d725b5b93115ae418ad6ec1b5ab60d

3. As root, copy the script into a secure directory.

4. As root, run the script. The script will display the files it is replacing.

For example:

Replacing /opt/ignite/lbin/get_system_info with $secure_directory/get_system_info.wrapper
Replacing /opt/drd/lbin/get_system_info with $secure_directory/get_system_info.wrapper

where $secure_directory is the path to the secure directory containing the script.

5. The script must be executed whenever a vulnerable version of the fileset Ignite-UX.MGMT-TOOLS or the fileset DRD.DRD-RUN is reinstalled.
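
Steps 2 and 3 as a shell gate, added here as an example and not part of HP's workaround or of the wrapper script itself: it copies the download only if the cksum and MD5 values listed in step 2 match. The function names, the reading of "secure directory" as root-owned with no group or other write access, and the presence of md5sum, openssl or md5 are assumptions.

```shell
#!/bin/sh
# Added example (not HP's script): gate steps 3-4 on the step 2 checksums.
# Published values from the advisory for get_system_info.wrapper:
EXPECTED_CRC=3713651406
EXPECTED_SIZE=5189
EXPECTED_MD5=99d725b5b93115ae418ad6ec1b5ab60d

# check_cksum FILE CRC SIZE: succeed only if POSIX cksum reports both values.
check_cksum() {
    cksum < "$1" | { read -r crc size _rest; [ "$crc" = "$2" ] && [ "$size" = "$3" ]; }
}

# md5_of FILE: print the hex MD5 (assumption: one of these tools is installed).
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then md5sum < "$1" | awk '{print $1}'
    elif command -v openssl >/dev/null 2>&1; then openssl md5 < "$1" | awk '{print $NF}'
    elif command -v md5 >/dev/null 2>&1; then md5 -q "$1"
    else return 2
    fi
}

# verify_wrapper FILE [CRC SIZE MD5]: fail closed unless every check matches.
verify_wrapper() {
    check_cksum "$1" "${2:-$EXPECTED_CRC}" "${3:-$EXPECTED_SIZE}" || return 1
    sum=$(md5_of "$1") || return 1
    [ "$sum" = "${4:-$EXPECTED_MD5}" ]
}

# dir_is_secure DIR [UID]: assumption about what "secure directory" means:
# a real directory owned by UID (default 0, root) with no group/other write bit.
dir_is_secure() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    ls -ldn "$1" | {
        read -r mode _links uid _rest
        case "$mode" in
            d????-??-?*) [ "$uid" = "${2:-0}" ] ;;
            *) false ;;
        esac
    }
}

# Usage (as root): sh check_wrapper.sh ./get_system_info.wrapper /secure/dir
if [ "$#" -eq 2 ]; then
    verify_wrapper "$1" || { echo "checksum mismatch, not installing $1" >&2; exit 1; }
    dir_is_secure "$2" || { echo "$2 is not root-owned or is writable by others" >&2; exit 1; }
    cp "$1" "$2/get_system_info.wrapper" || exit 1
    echo "verified and copied; step 4: run $2/get_system_info.wrapper as root"
fi
```

A CRC and an MD5 digest catch a corrupted or truncated download; they give no assurance beyond the trust placed in the channel that delivered the advisory's values.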

The HP advisory is available at:

Vendor URL:
Cause:   Access control error
Underlying OS:  UNIX (HP/UX)

Message History:   None.
