HP Power Manager Remote Agent Local Privilege Escalation Vulnerability

Bugtraq ID:	23703
Class:	Unknown
CVE:
Remote:	No
Local:	Yes
Published:	Apr 29 2007 12:00AM
Updated:	Apr 30 2007 10:00PM
Credit:	The vendor disclosed this issue.
Vulnerable:	HP Power Manager 4.0Build10
Not Vulnerable:	HP Power Manager 4.0Build11

HP Power Manager Remote Agent Local Privilege Escalation Vulnerability

HP Power Manager is prone to a local privilege-escalation vulnerability.

A local attacker may execute arbitrary code with a root privileges. This may facilitate a complete compromise of the affected computer.

HP Power Manager 4.0Build10 and prior versions are vulnerable to this issue.

HP Power Manager Remote Agent Local Privilege Escalation Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

HP Power Manager Remote Agent Local Privilege Escalation Vulnerability

Solution:
The vendor has released a fix to address this issue. Please see the references for information on how to obtain and apply this fix.


HP Power Manager 4.0Build10

• HP hppm40-linux-remote-agt.tar.tgz
  http://h18004.www1.hp.com/products/servers/proliantstorage/power-prote ction/software/power-manager/dl/hppm40-linux-remote-agt.tar.tgz


• HP hppm40-nw-remote-agt.zip
  http://h18004.www1.hp.com/products/servers/proliantstorage/power-prote ction/software/power-manager/dl/hppm40-nw-remote-agt.zip


• HP HPPMRA4Build11HPUX.tgz
  http://h18004.www1.hp.com/products/servers/proliantstorage/power-prote ction/software/power-manager/dl/HPPMRA4Build11HPUX.tgz

HP Power Manager Remote Agent Local Privilege Escalation Vulnerability

References:

• HP Power Manager Download (HP)
  
• HPSBMA02197 SSRT061285 rev.1 - HP-UX Running HP Power Manager Remote Agent (RA), (HP)
  
• Micro News Homepage (phptoys)