Title: HP-UX Dynamically Loadable Kernel Modules Vulnerability
Severity: MODERATE
Description:
HP-UX is the Unix Operating System variant distributed and maintained by Hewlett-Packard.
A problem in the operating system may make it possible for local users to gain elevated privileges. A user exploiting the vulnerability may be able to gain administrative access, or hide their presence inside the system. The problem is in the system's handling of dynamically loadable kernel modules, which are a new feature of the HP-UX Operating System.
Beginning with revision 11.00, it is possible to load modular pieces of code into the kernel to provide new functionality without having take the system down to reconfigure the static kernel. This feature also provides a significant decrease in kernel footprint in memory, as unneeded or unused functionality within the kernel may be unloaded.
A flaw in this dlkm system has been discovered that may allow local users to deny service to legitimate users, or load arbitrary kernel modules. A problem in the static kernel symbol table may give local users the ability arbitrarily load kernel modules that could give elevated privileges, hide the user's presence inside the system, or perform a number of other tasks that are detrimental to system integrity.
Affected Products:
- HP HP-UX 11.11.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
