Title: HP-UX CDE Default PATH Vulnerability
Severity: LOW
Description:
In the HP9000 700/800 series running HP-UX 10.X, users who log in using CDE have the current directory as part of the environment variable PATH. This vulnerability allows for an attacker to disguise malicious executables as commonly used system utilities (like ls) in world writeable directories to be executed unknowingly by another user or by root (when in that directory). An example of this is below:
Attacker with regular user permissions creates shell script called 'ls' in all world writeable directories.
'./ls' first executes the regular /bin/ls, then leaving a setuid root shell somewhere (or adds an entry to /etc/passwd or writes to /.rhosts).
To the user running what they think is 'ls', nothing seems wrong.
Affected Products:
- HP HP-UX (VVOS) 10.24.0
- HP HP-UX 10.0.0
- HP HP-UX 10.1.0 0
- HP HP-UX 10.10.0
- HP HP-UX 10.16.0
- HP HP-UX 10.20.0
- HP HP-UX 10.30.0
- HP HP-UX 10.34.0
- HP HP-UX 10.8.0
- HP HP-UX 10.9.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
