Unauthorized File Access in HP NonStop Server
CVE-2006-5704

Currently unrated

Key Information:

Vendor: HP
Status: Nonstop Server
Vendor: CVE Published:; 4 November 2006

Summary

The HP NonStop Server G06.29, when running Standard Security T6533G06 prior to T6533G06^ABK, fails to adequately check access permissions for OSS directories in scenarios where no optional ACL entry is present. This oversight permits local users to gain unauthorized access and read arbitrary files, potentially leading to sensitive information disclosure.

References

http://securitytracker.com/id?1017135

vdb-entryx_refsource_SECTRACK

http://www.vupen.com/english/advisories/2006/4301

vdb-entryx_refsource_VUPEN

http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c...

vendor-advisoryx_refsource_HP

Timeline

Vulnerability published
Nov 4, 2006
Vulnerability Reserved
Nov 3, 2006