HP-UX VVOS Unspecified Local Passwd Vulnerability

Virtual Vault Operating System (VVOS) is a commercially-available operating system distributed by HP. It is designed to offer enhanced security features.

An unspecified vulnerability has been reported in VVOS. A vulnerability in the passwd program has been discovered, and a fix is available by HP.

Information concerning this vulnerability has not been made available. However, it's likely that this problem allows local privilege elevation on vulnerable systems, as passwd is a setuid root binary typically accessible only to users with shell-level access to a system. This could result in a local attacker gaining elevated access, and potentially administrative access.


Privacy Statement
Copyright 2010, SecurityFocus