TITLE:
HP Ignite-UX TFTP Service Two Vulnerabilities

SECUNIA ADVISORY ID:
SA16456

VERIFY ADVISORY:
http://secunia.com/advisories/16456/

CRITICAL:
Less critical

IMPACT:
Manipulation of data, Exposure of sensitive information

WHERE:
From local network

REVISION:
1.1 originally posted 2005-08-16

SOFTWARE:
HP Ignite-UX C.6.x
http://secunia.com/product/5550/
HP Ignite-UX B.3.x
http://secunia.com/product/5551/

DESCRIPTION:
Martin O'Neal of Corsaire has reported two vulnerabilities in HP
Ignite-UX, which can be exploited by malicious people to gain access
to the file system or disclose certain sensitive information.

1) An error in handling the "add_new_client" command can cause some
sections of the TFTP server directory tree to become world-writable.
This can be exploited to copy files to/from the file system or to
cause a DoS (Denial of Service) by filling up available disk space.

2) An error in handling of the "make_recovery" command can cause a
copy of the "/etc/passwd" file to be created in the TFTP server
directory tree for anonymous access.

The "make_recovery" has been removed as of version C.6.0, but the
password file may still exist in the TFTP server directory tree if an
older version has been used before.

The vulnerabilities have been reported in the following versions:
* HP-UX B.11.00 running Ignite-UX
* HP-UX B.11.11 running Ignite-UX
* HP-UX B.11.22 running Ignite-UX
* HP-UX B.11.23 running Ignite-UX

SOLUTION:
Apply updates.
http://www.hp.com/go/softwaredepot (search for IGNITEUXB).
Ignite-UX-11-00_C.6.2.241_HP-UX_B.11.00_32+64.depot
Ignite-UX-11-11_C.6.2.241_HP-UX_B.11.00_32+64.depot
Ignite-IA-11-22_C.6.2.241_HP-UX_B.11.00_32+64.depot
Ignite-UX-11-23_C.6.2.241_HP-UX_B.11.00_32+64.depot

PROVIDED AND/OR DISCOVERED BY:
Martin O'Neal, Corsaire Ltd.

CHANGELOG:
2005-08-16: Updated credits and added links to Corsaire advisories.

ORIGINAL ADVISORY:
SSRT4874:
http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01219

Corsaire:
http://www.corsaire.com/advisories/c041123-001.txt
http://www.corsaire.com/advisories/c041123-002.txt
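Because the advisory notes that the password file may remain in the TFTP server directory tree after an upgrade, the tree is worth auditing even on updated hosts. The following is an added example, not part of the Secunia or vendor advisory: a POSIX shell check for both conditions. The function names are hypothetical, and the location of the TFTP tree is an assumption supplied by the operator as the first argument.

```shell
#!/bin/sh
# Added example: audit a TFTP server directory tree for the two
# conditions described in SA16456. The tree path is NOT taken from the
# advisory; the operator passes it as $1.

# Print directories and regular files under $1 that are world-writable
# (issue 1: sections of the tree left world-writable).
world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -print 2>/dev/null
}

# Print regular files under $1 that contain a passwd-format root entry
# (seven colon-separated fields, UID 0), whatever the file is named
# (issue 2: a copy of /etc/passwd left in the tree).
passwd_copies() {
    find "$1" -type f -print 2>/dev/null | while IFS= read -r f; do
        if grep -q '^root:[^:]*:0:[0-9]*:[^:]*:[^:]*:[^:]*$' "$f" 2>/dev/null; then
            printf '%s\n' "$f"
        fi
    done
}

# Report findings for tree $1.
# Returns 0 if clean, 1 if anything was found, 2 on a bad argument.
audit_tftp_tree() {
    tree=$1
    if [ ! -d "$tree" ]; then
        echo "not a directory: $tree" >&2
        return 2
    fi
    ww=$(world_writable "$tree")
    pw=$(passwd_copies "$tree")
    status=0
    if [ -n "$ww" ]; then
        printf '%s\n' "$ww" | sed 's/^/WORLD-WRITABLE: /'
        status=1
    fi
    if [ -n "$pw" ]; then
        printf '%s\n' "$pw" | sed 's/^/PASSWD-COPY: /'
        status=1
    fi
    return $status
}

# Run the audit only when a tree path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_tftp_tree "$1"
fi
```

Any PASSWD-COPY hit should be removed from the tree, and WORLD-WRITABLE entries should have their permissions tightened after the update is applied.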