HP-UX auto_parms Arbitrary Command Execution Vulnerability

Bugtraq ID:	1954
Class:	Design Error
CVE:	CVE-2000-1126
Remote:	No
Local:	Yes
Published:	Nov 13 2000 12:00AM
Updated:	Jul 11 2009 03:56AM
Credit:	First published in HP Advisory HPSBUX0011-130 on November 13, 2000.
Vulnerable:	HP HP-UX (VVOS) 10.24 HP HP-UX 11.0 4 HP HP-UX 11.0 HP HP-UX 10.20 HP HP-UX 10.10 HP HP-UX 10.0 1
Not Vulnerable:

HP-UX auto_parms Arbitrary Command Execution Vulnerability

HP-UX ships with a script called auto_parms that is used when the system is starting up. If the file "install.vars" exists in /tmp when the system is booted up, auto_parms executes commands within this file as root. It is possible for a local user to create a malicious install.vars that can cause arbitrary commands to be executed when the system is rebooted. This can be used to gain root access on the victim host.

HP-UX auto_parms Arbitrary Command Execution Vulnerability

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

HP-UX auto_parms Arbitrary Command Execution Vulnerability

Solution:
HP has released advisory HPSBUX0011-130 addressing this issue. Please see the referenced advisory for obtaining and applying fixes.


HP HP-UX 10.0 1

• HP PHCO_21990
  

HP HP-UX 10.10

• HP PHCO_21991
  

HP HP-UX 10.20

• HP PHCO_21992
  

HP HP-UX 11.0

• HP PHCO_21993
  


• HP PHCO_22957
  http://itrc.hp.com

HP HP-UX 11.0 4

• HP PHCO_22186
  

HP-UX auto_parms Arbitrary Command Execution Vulnerability

References:

• HP Support (Hewlett Packard)