Vigil@nce: HP-UX, access to WBEM data
April 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local or remote attacker can read or alter diagnostic data of WBEM.
Creation date: 28/03/2012
DESCRIPTION OF THE VULNERABILITY
WBEM standard (Web Based Enterprise Management) unifies system administration. The WBEMMgmtBundle and SysFaultMgmt modules implement WBEM. They are impacted by two vulnerabilities.
On HP-UX 11.31, a local attacker can read or alter diagnostic data. [severity:1/4; BID-52733, CVE-2012-0125]
On HP-UX 11.11 and 11.23, a remote attacker can read or alter diagnostic data. [severity:2/4; BID-52734, CVE-2012-0126]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN