HP-UX dtpad No Authentication Privilege Escalation

1997-09-01T00:00:00
ID OSVDB:8214
Type osvdb
Reporter OSVDB
Modified 1997-09-01T00:00:00

Description

Vulnerability Description

The dtpad program in HP-UX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The problem is that the program does not check the authentication, which could allow a user who runs the program while su'd to another account or spawned to a remote X server inadvertently allow access to malicious users.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

The dtpad program in HP-UX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The problem is that the program does not check the authentication, which could allow a user who runs the program while su'd to another account or spawned to a remote X server inadvertently allow access to malicious users.

References:

Vendor URL: http://www.hp.com/products1/unix/operating/index.html Related OSVDB ID: 8215 Related OSVDB ID: 8212 Related OSVDB ID: 8213 Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=87602880019776&w=2 Keyword: HPSBUX9709-069 ISS X-Force ID: 499 CVE-1999-1133