ID CVE-2006-1248
Summary Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.
References
Vulnerable Configurations
  • cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
    cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
    cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*
    cpe:2.3:o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*
CVSS
Base: 4.6 (as of 11-10-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2007-02-20T13:39:29.984-05:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Nabil Ouchn
      organization Security-Database
    description Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.
    family unix
    id oval:org.mitre.oval:def:1098
    status accepted
    submitted 2006-03-18T07:24:00.000-04:00
    title usermod Recursive Ownership Error (B.11.23)
    version 32
  • accepted 2007-04-10T13:44:28.730-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Nabil Ouchn
      organization Security-Database
    description Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.
    family unix
    id oval:org.mitre.oval:def:772
    status accepted
    submitted 2006-03-18T07:24:00.000-04:00
    title HP-UX Usermod Local Unauthorized Access Vulnerability instead of usermod Recursive Ownership Error.
    version 32
  • accepted 2014-03-24T04:01:57.674-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Michael Wood
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    description Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.
    family unix
    id oval:org.mitre.oval:def:785
    status accepted
    submitted 2006-03-18T07:24:00.000-04:00
    title HP-UX usermod(1M) Local Unauthorized Access.
    version 39
refmap via4
bid 17143
hp
  • HPSBUX02102
  • SSRT051078
sectrack
  • 1015782
  • 1015834
secunia 19305
vupen ADV-2006-0997
xf hpux-usermod-unauthorized-access(25311)
Last major update 11-10-2017 - 01:30
Published 17-03-2006 - 19:02
Back to Top