Inadequate Access Control in HP NonStop Safeguard Security Software
CVE-2014-2629

Currently unrated

Key Information:

Vendor: HP
Status: Nonstop Safeguard Security
Vendor: CVE Published:; 12 August 2014

Summary

The HP NonStop Safeguard Security Software versions G, H06.03 up to H06.28.01 and J06.03 up to J06.17.01 exhibit a critical access control flaw. This vulnerability arises due to improper evaluation of the DISKFILE-PATTERN ACL of a program object file. Attackers with remote authenticated access can exploit this weakness, enabling them to bypass intended program access restrictions. As a result, this could lead to unauthorized program execution via various methods associated with process creation timing.

References

http://www.securitytracker.com/id/1030697

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/69147

vdb-entryx_refsource_BID

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

Timeline

Vulnerability published
Aug 12, 2014
Vulnerability Reserved
Mar 24, 2014