Executive Summary

Summary
Title HP-UX usermod(1M) Local Unauthorized Access.
Informations
Name HPSBUX02102 SSRT051078 First vendor Publication 2006-03-13
Vendor HP Last vendor Modification 2006-09-05
Severity (Vendor) N/A Revision 4

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 4.6 Attack Range Local
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability has been identified with certain versions of the HP-UX usermod(1M) command. A certain combination of options can result in recursively changing the ownership of all directories and files under a user's new home directory. This may result in unauthorized access to these directories and files.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00614838

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1098
 
Oval ID: oval:org.mitre.oval:def:1098
Title: usermod Recursive Ownership Error (B.11.23)
Description: Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.
Family: unix Class: vulnerability
Reference(s): CVE-2006-1248
 Version: 2
Platform(s): HP-UX 11
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:772
 
Oval ID: oval:org.mitre.oval:def:772
Title: HP-UX Usermod Local Unauthorized Access Vulnerability instead of usermod Recursive Ownership Error.
Description: Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.
Family: unix Class: vulnerability
Reference(s): CVE-2006-1248
 Version: 2
Platform(s): HP-UX 11
 Product(s): Apache
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:785
 
Oval ID: oval:org.mitre.oval:def:785
Title: HP-UX usermod(1M) Local Unauthorized Access.
Description: Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.
Family: unix Class: vulnerability
Reference(s): CVE-2006-1248
 Version: 7
Platform(s): HP-UX 11
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 3

Open Source Vulnerability Database (OSVDB)

Id Description
23997 HP-UX usermod Recursive Ownership Modification

Nessus® Vulnerability Scanner

Date Description
2006-09-12 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHCO_34763.nasl - Type : ACT_GATHER_INFO
2006-09-12 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHCO_34764.nasl - Type : ACT_GATHER_INFO
2006-03-21 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHCO_33142.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 11:38:20
  • Multiple Updates
2013-05-11 12:20:12
  • Multiple Updates