----------------------------------------------------------------------

Secunia is pleased to announce the release of the annual Secunia
report for 2008.

Highlights from the 2008 report:
 * Vulnerability Research
 * Software Inspection Results
 * Secunia Research Highlights
 * Secunia Advisory Statistics

Request the full 2008 Report here:
http://secunia.com/advisories/try_vi/request_2008_report/

Stay Secure,

Secunia


----------------------------------------------------------------------

TITLE:
HP-UX "useradd" Unauthorised Access

SECUNIA ADVISORY ID:
SA34931

VERIFY ADVISORY:
http://secunia.com/advisories/34931/

DESCRIPTION:
A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to perform certain actions with escalated
privileges.

The vulnerability is caused due to an error in the "useradd" command
when assigning the home directory and the group id. This can
potentially be exploited to gain unauthorised access to certain
directories and files.

The vulnerability is reported in HP-UX B.11.11, B.11.23, and B.11.31.

SOLUTION:
Apply patches.

B.11.11 (11i v1):
PHCO_38490 or subsequent

B.11.23 (11i v2):
PHCO_38481 or subsequent

B.11.31 (11i v3):
PHCO_38482 or subsequent

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
HPSBUX02366 SSRT080120:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539431

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------