---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. Join the FREE BETA test of the Network Software Inspector (NSI)! http://secunia.com/network_software_inspector/ The NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. ---------------------------------------------------------------------- TITLE: HP Tru64 UNIX "ps" Command Information Disclosure SECUNIA ADVISORY ID: SA25135 VERIFY ADVISORY: http://secunia.com/advisories/25135/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: Local system OPERATING SYSTEM: HP Tru64 UNIX 4.x http://secunia.com/product/6/ HP Tru64 UNIX 5.x http://secunia.com/product/2/ DESCRIPTION: A security issue has been reported in HP Tru64, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information. The security issue is caused due to the "ps" command revealing the environment variables and values of all processes to an unprivileged user. This can potentially reveal certain information on processes that belong to the root user. The security issue affects the following versions: HP Tru64 UNIX v5.1B-4 HP Tru64 UNIX v5.1B-3 HP Tru64 UNIX v5.1A PK6 HP Tru64 UNIX v4.0G PK4 HP Tru64 UNIX v4.0F PK8 SOLUTION: Install ERP Kits and edit the files "/etc/rc.config.common" for versions v5.1A PK6, v5.1B-3, or v5.2B-4 or "/etc/rc.config" for versions v4.0G PK4 and v4.0F PK8 (See vendor advisory for details). HP Tru64 UNIX Version v5.1B-4 ERP Kit: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001143-V51BB27-ES-20070305 MD5 Checksum: 44b15d10895cf0606003a572b3310f9a HP Tru64 UNIX Version v5.1B-3 ERP Kit: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001144-V51BB26-ES-20070305 MD5 Checksum: 67cfabb7cd3c422e2dc6bb6ed3d7d290 HP Tru64 UNIX Version v5.1A PK6 ERP Kit: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001145-V51AB24-ES-20070305 MD5 Checksum: de6885b166dba703af862ce05431e5cc HP Tru64 UNIX Version v4.0G PK4 ERP Kit: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001179-V40GB22-ES-20070330 MD5 Checksum: 31129e60bb01ffdea015312c0e019fae HP Tru64 UNIX Version v4.0F PK8 ERP Kit: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001180-V40FB22-ES-20070330 MD5 Checksum: db9d634bb27f02642e00f149d6ebb8ee PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBTU02179 SSRT061256: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00817515 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------