Title: HP-UX kmmodreg Symbolic Link Vulnerability
Severity: MODERATE
Description:
HP-UX is a variant of the UNIX Operating System distributed and maintained by Hewlett Packard. HP-UX is designed for use on systems from small, single-processor servers to enterprise, multiprocessor servers.
A problem has been discovered in the operating system that makes it possible for a local user to gain elevated privileges. This vulnerability may also be used to deny service to legitimate users of the system.
The problem occurs in the program kmmodreg. During normal operation of the system, kmmodreg is used to register all of the loadable kernel modules listed in the mod_register file. This task must be performed by kmmodreg in order for kernel modules to be loadable by the running kernel.
The files '/tmp/.kmmodreg_lock' and '/tmp/kmpath.tmp' are created by kmmodreg each time the system is booted. When creating these files, kmmodreg (which runs as root) does not ensure they are not symbolic links. If they are, they links will be followed and whatever they point to will be overwritten. The files are created with mode 0666 (read/writeable by everyone). This leaves them open to modification by anyone after being created.
Attackers may use this vulnerability to cause a denial of service by overwriting critical system files. It may also be possible to elevate privileges because of the file modes.
Affected Products:
- HP HP-UX (VVOS) 11.0.4
- HP HP-UX 11.0.0
- HP HP-UX 11.11.0
References:
- Hewlett Packard: HP Support
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
