Print | Rate this content

HPSBUX02114 SSRT061115 rev.1 - HP-UX Running Software Distributor Local Elevation of Privilege

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00659649

Version: 1

HPSBUX02114 SSRT061115 rev.1 - HP-UX Running Software Distributor Local Elevation of Privilege
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2006-05-22

Last Updated: 2006-05-22


Potential Security Impact: Local elevation of privilege

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY

Potential security vulnerabilities have been identified with HP-UX running Software Distributor. These vulnerabilities could be exploited by a local authorized user to gain elevated privileges.

References: None

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP-UX B.11.00, B.11.04, B.11.11, B.11.23 running Software Distributor

BACKGROUND

For a PGP signed version of this security bulletin please write to: security-alert@hp.com

The Hewlett-Packard Company thanks NCC Group
for reporting this vulnerability to security-alert@hp.com.

AFFECTED VERSIONS

HP-UX B.11.23
=============
SW-DIST.SD-CMDS
action: install revision B.11.23.0606.045 or subsequent

HP-UX B.11.11
=============
SW-DIST.SD-CMDS
action: install PHCO_34539 or subsequent

HP-UX B.11.04
=============
SW-DIST.SD-CMDS
action: install PHCO_34814 or subsequent

HP-UX B.11.00
=============
SW-DIST.SD-CMDS
action: install PHCO_34568 or subsequent

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue.
The patches are available from http://itrc.hp.com
The software update is available from http://www.hp.com/go/softwaredepot/

HP-UX B.11.23
B.11.23.0606.045 or subsequent
HP-UX B.11.11
PHCO_34539 or subsequent
HP-UX B11.04
PHCO_34814 or subsequent
HP-UX B.11.00
PHCO_34568 or subsequent

MANUAL ACTIONS: Yes - Update
B.11.23 - install revision B.11.23.0606.045 or subsequent
B.11.11 - no manual actions
B.11.04 - no manual actions
B.11.00 - no manual actions

PRODUCT SPECIFIC INFORMATION

HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information:
http://software.hp.com/portal/swdepot/displayProductInfo.do? productNumber=B6834AA

HISTORY
Version: 1 (rev.1) - 22 May 2006 Initial release

©Copyright 2006 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

Provide feedback

Please rate the information on this page to help us improve our content. Thank you!