Vulnerabilities > CVE-2014-2630 - Local Privilege Escalation vulnerability in HP Operations Agent 11.0
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unspecified vulnerability in HP Operations Agent 11.00, when Glance is used, allows local users to gain privileges via unknown vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| id | EDB-ID:48000 |
| last seen | 2020-02-05 |
| modified | 2020-02-05 |
| published | 2020-02-05 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/48000 |
| title | xglance-bin 11.00 - Privilege Escalation |
Metasploit
| description | This exploit takes advantage of xglance-bin, part of HP's Glance (or Performance Monitoring) version 11 'and subsequent' , which was compiled with an insecure RPATH option. The RPATH includes a relative path to -L/lib64/ which can be controlled by a user. Creating libraries in this location will result in an escalation of privileges to root. |
| id | MSF:EXPLOIT/LINUX/LOCAL/HP_XGLANCE_PRIV_ESC |
| last seen | 2020-06-14 |
| modified | 2020-04-30 |
| published | 2020-04-19 |
| references |
|
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/local/hp_xglance_priv_esc.rb |
| title | HP Performance Monitoring xglance Priv Esc |
Packetstorm
data source https://packetstormsecurity.com/files/download/157528/hp_xglance_priv_esc.rb.txt id PACKETSTORM:157528 last seen 2020-05-06 published 2020-05-04 reporter Tim Brown source https://packetstormsecurity.com/files/157528/HP-Performance-Monitoring-xglance-Privilege-Escalation.html title HP Performance Monitoring xglance Privilege Escalation data source https://packetstormsecurity.com/files/download/129174/glance-escalate.txt id PACKETSTORM:129174 last seen 2016-12-05 published 2014-11-19 reporter Tim Brown source https://packetstormsecurity.com/files/129174/Compaq-Hewlett-Packard-Glance-11.00-Privilege-Escalation.html title Compaq/Hewlett Packard Glance 11.00 Privilege Escalation data source https://packetstormsecurity.com/files/download/156206/perf-exploiter.sh.txt id PACKETSTORM:156206 last seen 2020-02-06 published 2020-02-05 reporter Tim Brown source https://packetstormsecurity.com/files/156206/xglance-bin-Local-Root-Privilege-Escalation.html title xglance-bin Local Root Privilege Escalation
References
- http://packetstormsecurity.com/files/156206/xglance-bin-Local-Root-Privilege-Escalation.html
- http://packetstormsecurity.com/files/157528/HP-Performance-Monitoring-xglance-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2020/Feb/1
- http://secunia.com/advisories/60041
- http://www.securitytracker.com/id/1030702
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95181
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04394554
- https://seclists.org/bugtraq/2020/Feb/7