Vulnerabilities > CVE-2004-0952 - Unspecified vulnerability in HP Hp-Ux
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
PARTIAL Summary
HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 4 |
Nessus
NASL family | Misc. |
NASL id | TFTP_PERMISSIONS_HP_IGNITE_UX.NASL |
description | The remote host has a vulnerable version of the HP Ignite-UX application installed that exposes a world-writeable directory to anonymous TFTP access. A remote attacker could exploit this to upload arbitrary files. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19510 |
published | 2005-08-26 |
reporter | This NASL script is Copyright (C) 2005-2018 Corsaire Limited. |
source | https://www.tenable.com/plugins/nessus/19510 |
title | HP-UX Ignite-UX TFTP Service Remote File Manipulation |
code |
|
Oval
accepted | 2014-03-24T04:01:47.045-04:00 | ||||||||||||
class | vulnerability | ||||||||||||
contributors |
| ||||||||||||
description | HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption. | ||||||||||||
family | unix | ||||||||||||
id | oval:org.mitre.oval:def:5775 | ||||||||||||
status | accepted | ||||||||||||
submitted | 2008-07-07T16:38:38.000-04:00 | ||||||||||||
title | HP-UX Ignite-UX, Remote Unauthorized Access | ||||||||||||
version | 39 |
References
- http://marc.info/?l=bugtraq&m=112420609211136&w=2
- http://marc.info/?l=bugtraq&m=112422597529112&w=2
- http://secunia.com/advisories/16456/
- http://securitytracker.com/id?1014711
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21857
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5775