HP-UX PHCO_34763 : HP-UX usermod(1M) Local Unauthorized Access. (HPSBUX02102 SSRT051078 rev.4)

medium Nessus Plugin ID 22328

Synopsis

The remote HP-UX host is missing a security-related patch.

Description

s700_800 11.00 user/group(add/mod/del)(1M) cumulative patch :

A vulnerability has been identified with certain versions of the HP-UX usermod(1M) command. A certain combination of options can result in recursively changing the ownership of all directories and files under a user's new home directory. This may result in unauthorized access to these directories and files.

Solution

Install patch PHCO_34763 or subsequent.

See Also

http://www.nessus.org/u?db51d206

Plugin Details

Severity: Medium

ID: 22328

File Name: hpux_PHCO_34763.nasl

Version: 1.13

Type: local

Published: 9/12/2006

Updated: 1/11/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:hp:hp-ux

Required KB Items: Host/local_checks_enabled, Host/HP-UX/version, Host/HP-UX/swlist

Patch Publication Date: 5/30/2006

Vulnerability Publication Date: 3/13/2006

Reference Information

CVE: CVE-2006-1248

HP: HPSBUX02102, SSRT051078, emr_na-c00614838