Vigil@nce: HP-UX, privilege elevation via VERITAS
March 2009 by Vigil@nce
A local attacker can elevate his privileges via a vulnerability of
VERITAS File System or VERITAS Oracle Disk Manager.
– Gravity: 2/4
– Consequences: administrator access/rights
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 24/03/2009
IMPACTED PRODUCTS
– HP-UX
DESCRIPTION OF THE VULNERABILITY
The VERITAS File System (VRTSvxfs) product is installed with
Storage Management Suite (SMS). The VERITAS Oracle Disk Manager
(VRTSodm) product is installed with Storage Management for Oracle
(SMO).
The /usr/sbin/qiomkfile and /opt/VRTSodm/bin/odmmkfile commands
pre-allocate contiguous disk space.
However, these commands can be called by all local users, whereas
only root should be able to run them. A local attacker can use this
error to elevate his privileges. Technical details are unknown.
A local attacker can therefore elevate his privileges via a
vulnerability of VERITAS File System or VERITAS Oracle Disk
Manager.
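The advisory's only concrete point is that two commands which should be root-only are callable by every local user. An administrator checking an HP-UX host for this condition needs to know whether the execute bits for group/others (and the setuid bit) are set on those two paths. The following POSIX sh audit is an added example written for this page; it is not part of the Vigil@nce advisory nor of any HP or VERITAS tooling, and it parses 'ls -ld' instead of GNU stat so it runs unchanged on HP-UX. The two paths come from the advisory; the function names, the verdict words and the temporary test files are constructed for the example.

```sh
#!/bin/sh
# Added example (not from the advisory): report whether a file can be
# executed by non-root users, based only on the 'ls -ld' mode string.

# exec_by_nonroot PATH
#   Prints exactly one word:
#     absent      - the path does not exist
#     no          - neither group nor others hold an execute bit
#     yes         - group and/or others can execute it
#     yes-setuid  - same, and the file is also setuid (runs as its owner)
#   Always returns 0 so callers can use $(...) safely under 'set -e'.
exec_by_nonroot() {
    path=$1
    if [ ! -e "$path" ]; then
        printf 'absent\n'
        return 0
    fi
    # Field 1 of 'ls -ld' is the mode string, e.g. -rwsr-xr-x
    # positions: 1 type, 2-4 user, 5-7 group, 8-10 others
    mode=$(ls -ld "$path" | cut -d' ' -f1)
    usr_s=$(printf '%s' "$mode" | cut -c4)
    grp_x=$(printf '%s' "$mode" | cut -c7)
    oth_x=$(printf '%s' "$mode" | cut -c10)
    # lowercase x/s/t mean the execute bit is set; S and T mean it is not
    case "$grp_x$oth_x" in
        *x*|*s*|*t*) ;;
        *) printf 'no\n'; return 0 ;;
    esac
    case "$usr_s" in
        s|S) printf 'yes-setuid\n' ;;
        *)   printf 'yes\n' ;;
    esac
    return 0
}

# audit_paths PATH...
#   Prints "FINDING <path> <verdict>" for every file non-root users can run
#   and "ok <path> <verdict>" otherwise. Always returns 0.
audit_paths() {
    for p in "$@"; do
        v=$(exec_by_nonroot "$p")
        case "$v" in
            yes*) printf 'FINDING %s %s\n' "$p" "$v" ;;
            *)    printf 'ok %s %s\n' "$p" "$v" ;;
        esac
    done
    return 0
}

# The two commands named in the advisory (run this part on the HP-UX host).
audit_paths /usr/sbin/qiomkfile /opt/VRTSodm/bin/odmmkfile
```

A "FINDING" line means the command is runnable by ordinary local users, which is the condition the advisory describes; "yes-setuid" additionally means it runs with its owner's privileges. Absent paths simply mean the corresponding SMS or SMO package is not installed.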
CHARACTERISTICS
– Identifiers: 318334, BID-34226, c01674733, CVE-2009-0207,
HPSBUX02409, SSRT080171, VIGILANCE-VUL-8556
– Url: http://vigilance.fr/vulnerability/HP-UX-privilege-elevation-via-VERITAS-8556