
Vigil@nce: HP-UX, privilege elevation via VERITAS

March 2009 by Vigil@nce

A local attacker can elevate his privileges via a vulnerability in
VERITAS File System or VERITAS Oracle Disk Manager.

 Gravity: 2/4
 Consequences: administrator access/rights
 Provenance: user shell
 Means of attack: no proof of concept, no attack
 Ability of attacker: expert (4/4)
 Confidence: confirmed by the editor (5/5)
 Diffusion of the vulnerable configuration: high (3/3)
 Creation date: 24/03/2009

IMPACTED PRODUCTS

 HP-UX

DESCRIPTION OF THE VULNERABILITY

The VERITAS File System (VRTSvxfs) product is installed with
Storage Management Suite (SMS). The VERITAS Oracle Disk Manager
(VRTSodm) product is installed with Storage Management for Oracle
(SMO).

The /usr/sbin/qiomkfile and /opt/VRTSodm/bin/odmmkfile commands
pre-allocate contiguous disk space.

However, these commands can be run by all local users, whereas
only root should be able to run them. A local attacker can use
this error to elevate his privileges. Technical details are
unknown.

A local attacker can therefore elevate his privileges via a
vulnerability in VERITAS File System or VERITAS Oracle Disk
Manager.
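
An added example, not part of the advisory or of HP's or VERITAS's material: a read-only audit that reports who may execute the two commands named above. The function names and the "needs review" criteria (group or world execute, setuid/setgid, non-root owner) are assumptions, since the advisory gives no technical details, and the report does not stand in for the vendor's fix.

```shell
#!/bin/sh
# Added example: report who may execute the two commands named in the advisory.
# It only reads permissions with POSIX ls(1); it changes nothing.

ADVISORY_CMDS="/usr/sbin/qiomkfile /opt/VRTSodm/bin/odmmkfile"

# exposure MODE OWNER -> who besides root can run the file, plus privileged bits.
# MODE is the first field of `ls -ld` (e.g. -r-sr-xr-x), OWNER the third.
exposure() {
    mode=$(printf '%s' "$1" | cut -c1-10)   # drop a trailing ACL marker (+ or .)
    u=$(printf '%s' "$mode" | cut -c4)      # user execute slot
    g=$(printf '%s' "$mode" | cut -c7)      # group execute slot
    o=$(printf '%s' "$mode" | cut -c10)     # other execute slot
    result=root-only
    case $g in x|s) result=group-exec ;; esac
    case $o in x|t) result=world-exec ;; esac
    # An owner other than root can run the file or change its mode.
    [ "$2" = root ] || result="$result,non-root-owner"
    # s/S in the user slot is setuid, s/S in the group slot is setgid.
    case $u in s|S) result="$result,setuid" ;; esac
    case $g in s|S) result="$result,setgid" ;; esac
    printf '%s\n' "$result"
}

# audit_file PATH -> "PATH MODE OWNER EXPOSURE", or "PATH absent" if not installed.
audit_file() {
    if [ ! -e "$1" ]; then
        printf '%s absent\n' "$1"
        return 0
    fi
    set -- "$1" $(ls -ld "$1")              # now $2 = mode string, $4 = owner
    printf '%s %s %s %s\n' "$1" "$2" "$4" "$(exposure "$2" "$4")"
}

# audit_all -> one line per advisory command; status 1 if any line needs review.
audit_all() {
    rc=0
    for f in $ADVISORY_CMDS; do
        line=$(audit_file "$f")
        printf '%s\n' "$line"
        case $line in *absent|*" root-only") ;; *) rc=1 ;; esac
    done
    return $rc
}

audit_all || echo "review every line above that is not root-only"
```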

CHARACTERISTICS

 Identifiers: 318334, BID-34226, c01674733, CVE-2009-0207,
HPSBUX02409, SSRT080171, VIGILANCE-VUL-8556
 Url: http://vigilance.fr/vulnerability/HP-UX-privilege-elevation-via-VERITAS-8556

