---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: HP Tru64 Process Environment Disclosure Security Issue SECUNIA ADVISORY ID: SA24041 VERIFY ADVISORY: http://secunia.com/advisories/24041/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: Local system OPERATING SYSTEM: HP Tru64 UNIX 5.x http://secunia.com/product/2/ DESCRIPTION: Andrea "bunker" Purificato has reported a security issue in HP Tru64, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information. The security issue is caused due to the "/usr/ucb/ps" command revealing the environment variables and values of all processes to an unprivileged user. This can potentially reveal certain information on processes that belong to the root user. This is similar to: SA19426 The vulnerability is reported in HP Tru64 / OSF1 v5.1 1885. Other versions may also be affected. SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: Andrea "bunker" Purificato ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052227.html OTHER REFERENCES: SA19426: http://secunia.com/advisories/19426 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------