HP Ignite-UX TFTP Service make_recovery Remote passwd File Disclosure

2005-08-16T12:13:30
ID OSVDB:18749
Type osvdb
Reporter Martin O'Neal (martin.oneal@corsaire.com)
Modified 2005-08-16T12:13:30

Description

Vulnerability Description

HP-UX's Ignite-UX contains a flaw that may lead to unauthorized password exposure. If the administrator has run the make_recovery command, it is possible to gain access to /etc/passwd: the make_recovery utility copies /etc/passwd to the TFTP anonymous directories, which may lead to a loss of confidentiality.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, HP has released patches to address this vulnerability. From HP's software update site, search for the patch appropriate for your version of HP-UX:

Ignite-UX-11-00_C.6.2.241_HP-UX_B.11.00_32+64.depot
Ignite-UX-11-11_C.6.2.241_HP-UX_B.11.00_32+64.depot
Ignite-IA-11-22_C.6.2.241_HP-UX_B.11.00_32+64.depot
Ignite-UX-11-23_C.6.2.241_HP-UX_B.11.00_32+64.depot
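
To check whether a server already exposes such a copy, the following added example (not part of the original advisory or HP's tooling) scans a directory tree for world-readable files in passwd layout. The directory argument, the function names and the sample tree are assumptions, since the advisory does not name the TFTP path.

```shell
#!/bin/sh
# Added example (not HP's code): find password-file copies under a TFTP-served tree.
# The directory to scan is an argument; the advisory does not name the path.

# Print each world-readable regular file under $1 that contains at least one
# line in passwd(4) layout: seven colon-separated fields, numeric UID and GID.
list_exposed_passwd_copies() {
    find "$1" -type f -perm -004 -exec awk -F: '
        NF == 7 && $1 != "" && $3 ~ /^-?[0-9]+$/ && $4 ~ /^-?[0-9]+$/ &&
        !(FILENAME in seen) { seen[FILENAME] = 1; print FILENAME }
    ' {} +
}

# Build a constructed sample tree (hypothetical layout, not real data) for a dry run.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/recovery/client1"
    printf 'root:x:0:3::/:/sbin/sh\nbin:*:2:2::/usr/bin:/sbin/sh\n' \
        > "$d/recovery/client1/passwd.copy"
    printf 'boot loader config\ntimeout: 10\n' > "$d/recovery/client1/config"
    printf 'root:x:0:3::/:/sbin/sh\n' > "$d/recovery/client1/private"
    chmod 644 "$d/recovery/client1/passwd.copy" "$d/recovery/client1/config"
    chmod 600 "$d/recovery/client1/private"   # not world-readable: not reported
    echo "$d"
}

# Usage: sh audit.sh /path/to/tftp/root   (exits 1 if any copy is found)
if [ "$#" -gt 0 ]; then
    hits=$(list_exposed_passwd_copies "$1")
    [ -z "$hits" ] && exit 0
    printf 'passwd-format file readable in TFTP tree:\n%s\n' "$hits"
    exit 1
fi
```

Any file it reports should be removed or have its permissions tightened, and the check is worth repeating after the patch is installed and make_recovery is next run.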

References:

Vendor URL: http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=IGNITEUXB
Vendor Specific Solution URL: http://www.hp.com/go/softwaredepot
Security Tracker: 1014711
Secunia Advisory ID: 16456
Related OSVDB ID: 18798
Related OSVDB ID: 18750
Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2005-q3/0026.html
Keyword: SSRT4874
ISS X-Force ID: 21858
CVE-2004-0951