HP DBUTIL.PUB.SYS Privilege Elevation Vulnerability

Bugtraq ID:	1405
Class:	Unknown
CVE:
Remote:	No
Local:	Yes
Published:	Jun 26 2000 12:00AM
Updated:	Jun 26 2000 12:00AM
Credit:	This vulnerability was made public in an HP Security Advisory on June 26, 2000.
Vulnerable:	HP MPE/iX 6.5 HP MPE/iX 6.0 HP MPE/iX 5.5 HP MPE/iX 5.0 HP MPE/iX 4.5
Not Vulnerable:

HP DBUTIL.PUB.SYS Privilege Elevation Vulnerability

A vulnerability exists whereby a user can utilize DBUTIL.PUB.SYS to elevate their privileges. This affect versions 4.5 and newer of the MPE/iX operating system from Hewlett Packard. The exact nature of this vulnerability is not known.

HP DBUTIL.PUB.SYS Privilege Elevation Vulnerability

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

HP DBUTIL.PUB.SYS Privilege Elevation Vulnerability

Solution:
Until the patch is available, the recommended solution is to secure DBUTIL program and your database schemas with a lockword.
For example, in CI prompt
:RENAME DBUTIL.PUB.SYS, DBUTIL/LOCK.PUB.SYS
/<lockword>


HP MPE/iX 4.5

• HP DBUTIL
  http://jazz.external.hp.com/src/

HP MPE/iX 5.0

• HP DBUTIL
  http://jazz.external.hp.com/src/

HP MPE/iX 5.5

• HP DBUTIL
  http://jazz.external.hp.com/src/

HP MPE/iX 6.0

• HP DBUTIL
  http://jazz.external.hp.com/src/

HP MPE/iX 6.5

• HP DBUTIL
  http://jazz.external.hp.com/src/

HP DBUTIL.PUB.SYS Privilege Elevation Vulnerability

References: