HP Power Manager Remote Agent Lets Local Users Gain Root Privileges
|
|
SecurityTracker Alert ID: 1017977 |
|
SecurityTracker URL: http://securitytracker.com/id/1017977
|
|
CVE Reference:
CVE-2007-2351
(Links to External Site)
|
Updated: May 12 2008
|
Original Entry Date: Apr 29 2007
|
Impact:
Root access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 4.0Build10 and prior versions
|
Description:
A vulnerability was reported in HP Power Manager Remote Agent. A local user can obtain root privileges on the target system.
A local user can execute arbitrary code on the target system with root privileges.
|
Impact:
A local user can obtain root privileges on the target system.
|
Solution:
The vendor has issued a fixed version (revision 4.0Build11), available at:
http://h18004.www1.hp.com/products/servers/proliantstorage/power-protection/software/power-manager/pm3-dl.html
The HP advisory is available at:
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00819543
|
Vendor URL: www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00819543 (Links to External Site)
|
Cause:
Not specified
|
Underlying OS:
UNIX (HP/UX)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Sun, 29 Apr 2007 16:16:15 -0400
Subject: HPSBMA02197 SSRT061285 rev.1 - HP-UX Running HP Power Manager Remote Agent (RA), Local Execution of Arbitrary Code with Root Privileges
|
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00819543
|
|
