Title: HP-UX Login Restricted Shell Escaping Vulnerability
Severity: MODERATE
Description:
HP-UX is a the Unix Operating System variant distributed and maintained by Hewlett-Packard.
A problem in HP-UX allows local users to escape a secure local environment on systems that have been designed to give users restricted shells. This could lead to a local user having full unprivileged access to the system, and potentially gaining elevated privileges.
Restricted shells are used on systems to allow users local access, while creating an environment that prevents them from taking advantage of potential local vulnerabilities in the system. Once a user has been placed inside a restricted shell, only programs located within the user's home directory may be executed. It is not possible to configure environment variables or change directories.
A vulnerability in login has been discovered that can allow users to escape restricted shells. This vulnerability can allow local users to escape the restricted environment, giving them the freedom to traverse the filesystem, and execute programs at will.
Escape of the restricted shell results in access equal to the user's UID (unprivileged).
Affected Products:
- HP HP-UX (VVOS) 10.24.0
- HP HP-UX (VVOS) 11.0.4
- HP HP-UX 10.20.0
- HP HP-UX 10.26.0
- HP HP-UX 11.0.0
- HP HP-UX 11.11.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
