HP-UX PHCO_34764 : HP-UX usermod(1M) Local Unauthorized Access. (HPSBUX02102 SSRT051078 rev.4)

Medium Nessus Plugin ID 22329


The remote HP-UX host is missing a security-related patch.


s700_800 11.23 ugm cumulative patch :

A vulnerability has been identified with certain versions of the HP-UX usermod(1M) command. A certain combination of options can result in recursively changing the ownership of all directories and files under a user's new home directory. This may result in unauthorized access to these directories and files.


Install patch PHCO_34764 or subsequent.

See Also


Plugin Details

Severity: Medium

ID: 22329

File Name: hpux_PHCO_34764.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2006/09/12

Modified: 2014/03/12

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:hp:hp-ux

Required KB Items: Host/local_checks_enabled, Host/HP-UX/version, Host/HP-UX/swlist

Patch Publication Date: 2006/07/18

Vulnerability Publication Date: 2006/03/13

Reference Information

CVE: CVE-2006-1248

OSVDB: 23997

HP: emr_na-c00614838, HPSBUX02102, SSRT051078