Lucene search

[email protected]CVE-2011-4834

HistoryDec 15, 2011 - 3:57 a.m.

CVE-2011-4834

2011-12-1503:57:35

CWE-264

[email protected]

web.nvd.nist.gov

cve-2011-4834

hp alm

configuration tool

local privilege escalation

aix

hp-ux

solaris

security vulnerability

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.2%

JSON

The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt.

Affected configurations

NVD

Node

hpapplication_lifestyle_managementMatch11

AND

hphp-ux

ibmaix

sunsunos

CPENameOperatorVersion
hp:application_lifestyle_managementhp application lifestyle managementeq11

CPE	Name	Operator	Version
hp:application_lifestyle_management	hp application lifestyle management	eq	11

References

0a29.blogspot.com/2011/12/0a29-11-2-privilege-escalation.html

secunia.com/advisories/47040

www.securityfocus.com/archive/1/520783/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/71698

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.2%

JSON

Related for CVE-2011-4834

cvelist1 prion1 nvd1