OpenVMS ACMELOGIN Bug Lets Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1027074 |
|
SecurityTracker URL: http://securitytracker.com/id/1027074
|
|
CVE Reference:
CVE-2012-2010
(Links to External Site)
|
Date: May 17 2012
|
Impact:
Root access via local system, User access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 8.3, 8.3-1H1, 8.4
|
Description:
A vulnerability was reported in OpenVMS. A local user can obtain elevated privileges on the target system.
On systems where the SYS$ACM system service for authentication is enabled, a local user can exploit a flaw in ACMELOGIN to obtain unauthorized access and gain elevated privileges.
|
Impact:
A local user can obtain elevated privileges on the target system.
|
Solution:
The vendor has issued a fix.
The vendor's advisory is available at:
http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03333494
|
Vendor URL: h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03333494 (Links to External Site)
|
Cause:
Not specified
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 17 May 2012 21:29:16 +0000
Subject: HPSBOV02780 SSRT100766 rev.1 - HP OpenVMS ACMELOGIN, Local Unauthorized Access and Increased Privileges
|
http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03333494
CVE-2012-2010
|
|
