HP-UX Get_System_Info Local Security Vulnerability

HP-UX is prone to a local vulnerability that may result in a change of network parameters.

This issue affects HP-UX running the Ignite-UX or the DynRootDisk (DRD) 'get_system_info' command.

A local attacker can exploit this issue to change certain network parameters without notification. For this to be a security issue, the 'get_system_info' command may be required to run setuid; the command's default permissions are currently not known.

A successful exploit of this issue may result in denial-of-service conditions; other attacks may also be possible.


 

Privacy Statement
Copyright 2010, SecurityFocus