HP System Management Homepage Information Disclosure Flaw Lets Remote Authenticated Users Gain Root Access
|
|
SecurityTracker Alert ID: 1024433 |
|
SecurityTracker URL: http://securitytracker.com/id/1024433
|
|
CVE Reference:
CVE-2010-3009
(Links to External Site)
|
Date: Sep 14 2010
|
Impact:
Disclosure of system information, Root access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 6.0, 6.1
|
Description:
A vulnerability was reported in HP System Management Homepage for Linux. A remote authenticated user can gain root access on the target system.
A remote authenticated user can gain access to sensitive information on the target system and use the information to gain root access to the target system.
|
Impact:
A remote authenticated user can gain root access on the target system.
|
Solution:
The vendor has issued a fix (6.2.0-12).
The vendor's advisory is available at:
https://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02475053
|
Vendor URL: www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02475053 (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 14 Sep 2010 04:44:00 +0000
Subject: HPSBMA02566 SSRT100045 rev.1 - HP System Management Homepage (SMH) for Linux, Remote Disclosure of Sensitive Information
|
https://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02475053
CVE-2010-3009
|
|
