Vigil@nce - HP ArcSight: privilege escalation
January 2016 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can alter files of HP ArcSight, in order to
escalate his privileges.
– Impacted products: ArcSight Connector, ArcSight ESM, ArcSight
Logger, HP ArcMC.
– Severity: 2/4.
– Creation date: 04/11/2015.
DESCRIPTION OF THE VULNERABILITY
The HP ArcSight product installs files belonging to the "arcsight"
user, but run by the "root" user.
However, a local attacker with the "arcsight" privilege, can alter
these files.
A local attacker can therefore alter files of HP ArcSight, in
order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/HP-ArcSight-privilege-escalation-18240