• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

HP Secure OS Software for Linux TLCompAdd Unauthorized File Access Vulnerability

The tlcompadd command included with HP Secure OS Software for Linux can be used to add named compartments, used to restrict the privileges of system processes. A vulnerability has been reported in some versions of this utility.

Reportedly, Mandatory Access Control (MAC) restrictions on the tlcompadd utility are insufficient. Exploitation may allow a local user to gain unauthorized access to files.