|
HP Tru64 Process Environment Disclosure Security Issue
|
|
|
|
|
Secunia Advisory:
|
SA24041
|
|
|
Release Date:
|
2007-02-06
|
|
Last Update:
|
2007-02-09
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Exposure of sensitive information
|
|
Where:
|
Local system
|
|
Solution Status:
|
Unpatched
|
|
| OS: | HP Tru64 UNIX 5.x
|
|
| | CVE reference: | CVE-2007-0805 (Secunia mirror)
|
|
|
This advisory is currently marked as unpatched!
- Companies can be alerted when a patch is released! |
|
|
Description:
Andrea "bunker" Purificato has reported a security issue in HP Tru64, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information.
The security issue is caused due to the "/usr/ucb/ps" command revealing the environment variables and values of all processes to an unprivileged user. This can potentially reveal certain information on processes that belong to the root user.
This is similar to:
SA19426
The vulnerability is reported in HP Tru64 / OSF1 v5.1 1885. Other versions may also be affected.
Solution:
Grant only trusted users access to affected systems.
Provided and/or discovered by:
Andrea "bunker" Purificato
Changelog:
2007-02-09: Added CVE reference.
Original Advisory:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052227.html
Other References:
SA19426:
http://secunia.com/advisories/19426
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
58 Related Secunia Security Advisories, displaying 10
|
|
|
1. HP Tru64 UNIX SSH SFTP Server Vulnerability
|
|
2. HP Tru64 UNIX Perl Regular Expressions Vulnerability
|
|
3. HP Tru64 UNIX FFM Unspecified Denial of Service Vulnerability
|
|
4. HP Tru64 UNIX BIND Predictable DNS Query IDs Vulnerability
|
|
5. HP Tru64 UNIX "dop" Command Privilege Escalation
|
|
6. HP Tru64 UNIX "ps" Command Information Disclosure
|
|
7. HP Tru64 UNIX Multiple SSL and BIND Vulnerabilities
|
|
8. HP Tru64 SSH Valid User Identification
|
|
9. HP Tru64 libpthread "PTHREAD_CONFIG" Privilege Escalation
|
|
10. HP Tru64 UNIX gzip Multiple Vulnerabilities
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
