VUPEN Security - HP System Management Homepage Unauthorized Access / Exploit (Security Advisories)

	Contact \| Site en Français

Vulnerabilities & Threats

VUPEN Security Advisories

Linux Security Advisories

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> HP System Management Homepage Unauthorized Access

Title : HP System Management Homepage Unauthorized Access
VUPEN ID : VUPEN/ADV-2008-2999
CVE ID : CVE-2008-4413
CWE ID : CWE-264
Rated as : Low Risk

Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2008-11-04

Technical Description

A vulnerability has been identified in HP System Management Homepage (SMH) for HP-UX, which could be exploited by local attackers to bypass security restrictions. This issue is caused by an unspecified error which could be exploited to create a local unauthorized access.

Affected Products

HP System Management Homepage (SMH) version 2.2.6 and prior (HP-UX B.11.11 and B.11.23)
HP System Management Homepage (SMH) version 2.2.6 and prior (HP-UX B.11.23 and B.11.31)
HP System Management Homepage (SMH) version 2.2.8 and prior (HP-UX B.11.23 and B.11.31)

Solution

Install HP System Management Homepage (SMH) version 2.2.9.1 or subsequent :
http://software.hp.com

References

http://www.vupen.com/english/advisories/2008/2999
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01586921

Credits

Vulnerability reported by the vendor.

ChangeLog

2008-11-04 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

Latest News

>> 2009-07-06