---------------------------------------------------------------------- Secunia is pleased to announce the release of the annual Secunia report for 2008. Highlights from the 2008 report: * Vulnerability Research * Software Inspection Results * Secunia Research Highlights * Secunia Advisory Statistics Request the full 2008 Report here: http://secunia.com/advisories/try_vi/request_2008_report/ Stay Secure, Secunia ---------------------------------------------------------------------- TITLE: HP-UX "VRTSvxfs" and "VRTSodm" Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA34419 VERIFY ADVISORY: http://secunia.com/advisories/34419/ DESCRIPTION: A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to unspecified errors in the VERITAS File System ("VRTSvxfs") and VERITAS Oracle Disk Manager ("VRTSodm") packages and can be exploited to perform certain actions with escalated privileges. The vulnerability in the following products and versions: * HP-UX B.11.11 running VRTSodm version 3.5 * HP-UX B.11.23 running VRTSodm version 4.1 or VRTSvxfs version 4.1 * HP-UX B.11.23 running VRTSodm version 5.0 or VRTSvxfs version 5.0 * HP-UX B.11.31 running VRTSodm version 5.0 SOLUTION: Apply patches. http://itrc.hp.com HP-UX B.11.11: Install patch PHCO_39124 or subsequent. HP-UX B.11.23 running VRTSvxfs 4.1 and VRTSodm 4.1: Install patches PHCO_39027, PHKL_39029, or subsequent. HP-UX B.11.23 running VRTSodm 5.0 and VRTSvxfs 5.0: Install patches PHCO_39103, PHCO_39104, PHKL_38795, or subsequent. HP-UX B.11.31: Install patches PHCO_38913, PHCO_39132, PHKL_39130, or subsequent. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBUX02409 SSRT080171: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01674733 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------