HP-UX VJE.VJE-RUN Default Path Modification Vulnerability

HP-UX VJE.VJE-RUN Default Path Modification Vulnerability

HP-UX is the Unix Operating System variant distributed and maintained by HP. An issue has been reported with the VJE.VJE-RUN fileset used to provide vje Japanese Input support.

When installed, VJE.VJE-RUN modifies the file /etc/PATH. The string 'bin' is erroneously added to this file. As a result, the PATH environment variable for users and processes may be modified in unexpected ways.

A malicious local user may be able to exploit this issue to gain elevated privileges.