Vulnerabilities > CVE-2006-1248 - Local Unauthorized Access vulnerability in HP Hp-Ux 11.00/11.11/11.23

047910
CVSS v2 base score 4.6 - MEDIUM (vector AV:L/AC:L/Au:N/C:P/I:P/A:P)
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
hp
nessus

Summary

Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.

Vulnerable Configurations

Part Description Count
OS
Hp
3

Nessus

  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHCO_33142.NASL
    description: s700_800 11.11 ugm cumulative patch : A vulnerability has been identified with certain versions of the HP-UX usermod(1M) command. A certain combination of options can result in recursively changing the ownership of all directories and files under a user's new home directory. This may result in unauthorized access to these directories and files.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21103
    published: 2006-03-21
    reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/21103
    title: HP-UX PHCO_33142 : HP-UX usermod(1M) Local Unauthorized Access. (HPSBUX02102 SSRT051078 rev.4)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHCO_33142. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the script only declares
    # its metadata below and then exits; no host data is examined here.
    if (description)
    {
      script_id(21103);
      script_version("1.16");
      script_cvs_date("Date: 2018/08/10 18:07:07");
    
      # Advisory identifiers this check is mapped to (CVE plus HP references).
      script_cve_id("CVE-2006-1248");
      script_xref(name:"HP", value:"emr_na-c00614838");
      script_xref(name:"HP", value:"HPSBUX02102");
      script_xref(name:"HP", value:"SSRT051078");
    
      script_name(english:"HP-UX PHCO_33142 : HP-UX usermod(1M) Local Unauthorized Access. (HPSBUX02102 SSRT051078 rev.4)");
      # The summary states the method: the finding is derived from the swlist
      # output, i.e. from the recorded software list.
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.11 ugm cumulative patch : 
    
    A vulnerability has been identified with certain versions of the HP-UX
    usermod(1M) command. A certain combination of options can result in
    recursively changing the ownership of all directories and files under
    a user's new home directory. This may result in unauthorized access to
    these directories and files."
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00614838
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?db51d206"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHCO_33142 or subsequent."
      );
      # CVSS v2 base vector: local access, low complexity, no authentication,
      # partial impact on confidentiality, integrity and availability.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/03/13");
      script_set_attribute(attribute:"patch_modification_date", value:"2006/09/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/03/21");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/03/13");
      script_end_attributes();
    
      # Registered in the information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");
    
      # The check needs the three KB keys below; presumably ssh_get_info.nasl
      # fills them in from a credentialed login (TODO confirm).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      # Stop here so the check section after this block is not run during
      # registration.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    # Host check for PHCO_33142 on HP-UX 11.11. It works only from KB items and
    # the hpux_* helpers (hpux.inc, not shown here); it does not run usermod or
    # look at file ownership on the host.
    #
    # Preconditions: end with an audit message unless local checks are enabled,
    # an HP-UX version was recorded and a swlist listing is available.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # This patch applies to the 11.11 context only; exit without a finding on
    # any other release.
    if (!hpux_check_ctx(ctx:"11.11"))
    {
      exit(0, "The host is not affected since PHCO_33142 applies to a different OS release.");
    }
    
    # PHCO_33142 and further patch IDs that are accepted in its place
    # (presumably superseding patches - TODO confirm). Any one of them being
    # installed ends the check as "not affected".
    # NOTE(review): the list is fixed in the script; confirm how a newer
    # superseding patch that is not listed here would be treated.
    patches = make_list("PHCO_33142", "PHCO_35732", "PHCO_37290", "PHCO_38492");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }
    
    
    # Count the filesets for which hpux_check_patch() returns true. Both calls
    # are always made; presumably each call also records the report text later
    # returned by hpux_report_get() (TODO confirm against hpux.inc).
    flag = 0;
    if (hpux_check_patch(app:"OS-Core.ADMN-ENG-A-MAN", version:"B.11.11")) flag++;
    if (hpux_check_patch(app:"OS-Core.SYS-ADMIN", version:"B.11.11")) flag++;
    
    
    # Any hit is reported with security_warning on port 0; the helper's report
    # text is attached only when report_verbosity is above 0.
    # NOTE(review): this result reflects patch presence only. It cannot show
    # whether ownership under a home directory was already changed by a
    # usermod run before the patch was installed; that needs a separate
    # ownership review.
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHCO_34763.NASL
    description: s700_800 11.00 user/group(add/mod/del)(1M) cumulative patch : A vulnerability has been identified with certain versions of the HP-UX usermod(1M) command. A certain combination of options can result in recursively changing the ownership of all directories and files under a user's new home directory. This may result in unauthorized access to these directories and files.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22328
    published: 2006-09-12
    reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22328
    title: HP-UX PHCO_34763 : HP-UX usermod(1M) Local Unauthorized Access. (HPSBUX02102 SSRT051078 rev.4)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHCO_34763. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the script only declares
    # its metadata below and then exits; no host data is examined here.
    if (description)
    {
      script_id(22328);
      script_version("1.12");
      script_cvs_date("Date: 2018/08/10 18:07:07");
    
      # Advisory identifiers this check is mapped to (CVE plus HP references).
      script_cve_id("CVE-2006-1248");
      script_xref(name:"HP", value:"emr_na-c00614838");
      script_xref(name:"HP", value:"HPSBUX02102");
      script_xref(name:"HP", value:"SSRT051078");
    
      script_name(english:"HP-UX PHCO_34763 : HP-UX usermod(1M) Local Unauthorized Access. (HPSBUX02102 SSRT051078 rev.4)");
      # The summary states the method: the finding is derived from the swlist
      # output, i.e. from the recorded software list.
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.00 user/group(add/mod/del)(1M) cumulative patch : 
    
    A vulnerability has been identified with certain versions of the HP-UX
    usermod(1M) command. A certain combination of options can result in
    recursively changing the ownership of all directories and files under
    a user's new home directory. This may result in unauthorized access to
    these directories and files."
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00614838
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?db51d206"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHCO_34763 or subsequent."
      );
      # CVSS v2 base vector: local access, low complexity, no authentication,
      # partial impact on confidentiality, integrity and availability.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/05/30");
      script_set_attribute(attribute:"patch_modification_date", value:"2006/09/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/09/12");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/03/13");
      script_end_attributes();
    
      # Registered in the information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");
    
      # The check needs the three KB keys below; presumably ssh_get_info.nasl
      # fills them in from a credentialed login (TODO confirm).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      # Stop here so the check section after this block is not run during
      # registration.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    # Host check for PHCO_34763 on HP-UX 11.00. It works only from KB items and
    # the hpux_* helpers (hpux.inc, not shown here); it does not run usermod or
    # look at file ownership on the host.
    #
    # Preconditions: end with an audit message unless local checks are enabled,
    # an HP-UX version was recorded and a swlist listing is available.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # This patch applies to the 11.00 context only; exit without a finding on
    # any other release.
    if (!hpux_check_ctx(ctx:"11.00"))
    {
      exit(0, "The host is not affected since PHCO_34763 applies to a different OS release.");
    }
    
    # Only PHCO_34763 itself is listed as an accepted patch ID; if it is
    # installed the check ends as "not affected".
    # NOTE(review): the list is fixed in the script; confirm how a later
    # superseding patch that is not listed here would be treated.
    patches = make_list("PHCO_34763");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }
    
    
    # Count the filesets for which hpux_check_patch() returns true. Both calls
    # are always made; presumably each call also records the report text later
    # returned by hpux_report_get() (TODO confirm against hpux.inc).
    flag = 0;
    if (hpux_check_patch(app:"OS-Core.ADMN-ENG-A-MAN", version:"B.11.00")) flag++;
    if (hpux_check_patch(app:"OS-Core.SYS-ADMIN", version:"B.11.00")) flag++;
    
    
    # Any hit is reported with security_warning on port 0; the helper's report
    # text is attached only when report_verbosity is above 0.
    # NOTE(review): this result reflects patch presence only. It cannot show
    # whether ownership under a home directory was already changed by a
    # usermod run before the patch was installed; that needs a separate
    # ownership review.
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHCO_34764.NASL
    description: s700_800 11.23 ugm cumulative patch : A vulnerability has been identified with certain versions of the HP-UX usermod(1M) command. A certain combination of options can result in recursively changing the ownership of all directories and files under a user's new home directory. This may result in unauthorized access to these directories and files.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22329
    published: 2006-09-12
    reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22329
    title: HP-UX PHCO_34764 : HP-UX usermod(1M) Local Unauthorized Access. (HPSBUX02102 SSRT051078 rev.4)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHCO_34764. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the script only declares
    # its metadata below and then exits; no host data is examined here.
    if (description)
    {
      script_id(22329);
      script_version("1.16");
      script_cvs_date("Date: 2018/08/10 18:07:07");
    
      # Advisory identifiers this check is mapped to (CVE plus HP references).
      script_cve_id("CVE-2006-1248");
      script_xref(name:"HP", value:"emr_na-c00614838");
      script_xref(name:"HP", value:"HPSBUX02102");
      script_xref(name:"HP", value:"SSRT051078");
    
      script_name(english:"HP-UX PHCO_34764 : HP-UX usermod(1M) Local Unauthorized Access. (HPSBUX02102 SSRT051078 rev.4)");
      # The summary states the method: the finding is derived from the swlist
      # output, i.e. from the recorded software list.
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.23 ugm cumulative patch : 
    
    A vulnerability has been identified with certain versions of the HP-UX
    usermod(1M) command. A certain combination of options can result in
    recursively changing the ownership of all directories and files under
    a user's new home directory. This may result in unauthorized access to
    these directories and files."
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00614838
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?db51d206"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHCO_34764 or subsequent."
      );
      # CVSS v2 base vector: local access, low complexity, no authentication,
      # partial impact on confidentiality, integrity and availability.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/18");
      script_set_attribute(attribute:"patch_modification_date", value:"2006/09/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/09/12");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/03/13");
      script_end_attributes();
    
      # Registered in the information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");
    
      # The check needs the three KB keys below; presumably ssh_get_info.nasl
      # fills them in from a credentialed login (TODO confirm).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      # Stop here so the check section after this block is not run during
      # registration.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    # Host check for PHCO_34764 on HP-UX 11.23. It works only from KB items and
    # the hpux_* helpers (hpux.inc, not shown here); it does not run usermod or
    # look at file ownership on the host.
    #
    # Preconditions: end with an audit message unless local checks are enabled,
    # an HP-UX version was recorded and a swlist listing is available.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # This patch applies to the 11.23 context only; exit without a finding on
    # any other release.
    if (!hpux_check_ctx(ctx:"11.23"))
    {
      exit(0, "The host is not affected since PHCO_34764 applies to a different OS release.");
    }
    
    # PHCO_34764 and further patch IDs that are accepted in its place
    # (presumably superseding patches - TODO confirm). Any one of them being
    # installed ends the check as "not affected".
    # NOTE(review): the list is fixed in the script; confirm how a newer
    # superseding patch that is not listed here would be treated.
    patches = make_list("PHCO_34764", "PHCO_35874", "PHCO_36239", "PHCO_37178", "PHCO_37291", "PHCO_38491", "PHCO_43189");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }
    
    
    # Count the filesets for which hpux_check_patch() returns true. All three
    # calls are always made; presumably each call also records the report text
    # later returned by hpux_report_get() (TODO confirm against hpux.inc).
    flag = 0;
    if (hpux_check_patch(app:"OS-Core.ADMN-ENG-A-MAN", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"OS-Core.SYS-ADMIN", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"OS-Core.SYS2-ADMIN", version:"B.11.23")) flag++;
    
    
    # Any hit is reported with security_warning on port 0; the helper's report
    # text is attached only when report_verbosity is above 0.
    # NOTE(review): this result reflects patch presence only. It cannot show
    # whether ownership under a home directory was already changed by a
    # usermod run before the patch was installed; that needs a separate
    # ownership review.
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    

Oval

  • accepted: 2007-02-20T13:39:29.984-05:00
    class: vulnerability
    contributors:
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Nabil Ouchn
      organization: Security-Database
    description: Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.
    family: unix
    id: oval:org.mitre.oval:def:1098
    status: accepted
    submitted: 2006-03-18T07:24:00.000-04:00
    title: usermod Recursive Ownership Error (B.11.23)
    version: 36
  • accepted: 2007-04-10T13:44:28.730-04:00
    class: vulnerability
    contributors:
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Nabil Ouchn
      organization: Security-Database
    description: Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.
    family: unix
    id: oval:org.mitre.oval:def:772
    status: accepted
    submitted: 2006-03-18T07:24:00.000-04:00
    title: HP-UX Usermod Local Unauthorized Access Vulnerability instead of usermod Recursive Ownership Error.
    version: 36
  • accepted: 2014-03-24T04:01:57.674-04:00
    class: vulnerability
    contributors:
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Todd Dolinsky
      organization: Opsware, Inc.
    • name: Michael Wood
      organization: Hewlett-Packard
    • name: Sushant Kumar Singh
      organization: Hewlett-Packard
    • name: Sushant Kumar Singh
      organization: Hewlett-Packard
    description: Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.
    family: unix
    id: oval:org.mitre.oval:def:785
    status: accepted
    submitted: 2006-03-18T07:24:00.000-04:00
    title: HP-UX usermod(1M) Local Unauthorized Access.
    version: 43