CVE-2006-5704 - HP NonStop Server G06.29, when running Standard Security T6533G06 before T6533G06^ABK, does not prop

CVE-2006-5704

Summary

HP NonStop Server G06.29, when running Standard Security T6533G06 before T6533G06^ABK, does not properly evaluate access permissions to OSS directories when no optional ACL entry exists, which allows local users to read arbitrary files.

References

http://securitytracker.com/id?1017135
http://www.ciac.org/ciac/bulletins/r-027.shtml
http://www.securityfocus.com/bid/20824
http://www.vupen.com/english/advisories/2006/4301
http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00795238
https://exchange.xforce.ibmcloud.com/vulnerabilities/29951

Vulnerable Configurations

cpe:2.3:h:hp:nonstop_server:g06.29:*:*:*:*:*:*:*
cpe:2.3:h:hp:nonstop_server:g06.29:*:*:*:*:*:*:*

CVSS

Base:	6.2 (as of 20-07-2017 - 01:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:H/Au:N/C:C/I:C/A:C

refmap via4

bid	20824
ciac	R-027
hp	HPSBNS02166 SSRT061255
sectrack	1017135
vupen	ADV-2006-4301
xf	hp-nonstop-unauth-access(29951)

Last major update

20-07-2017 - 01:33

Published

04-11-2006 - 01:07

Last modified

20-07-2017 - 01:33