Vulnerabilities > CVE-2001-1256 - Symbolic Link vulnerability in HP Hp-Ux 11.00/11.04/11.11
Attack vector
LOCAL Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 3 |
Oval
| accepted | 2014-03-24T04:01:43.510-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| description | kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:5628 | ||||||||
| status | accepted | ||||||||
| submitted | 2008-07-10T16:22:36.000-04:00 | ||||||||
| title | HP-UX kmmodreg (1M), Local Denial of Service (DoS), Increased Privilege | ||||||||
| version | 39 |
References
- http://ciac.llnl.gov/ciac/bulletins/l-093.shtml
- http://online.securityfocus.com/advisories/3354
- http://www.kb.cert.org/vuls/id/127435
- http://www.kb.cert.org/vuls/id/TJSL-4Z5Q92
- http://www.securityfocus.com/archive/1/188568
- http://www.securityfocus.com/bid/2821
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6656
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5628