HP-UX System Administration Manager NFS Configuration Security Bypass Vulnerability

Bugtraq ID:	30449
Class:	Access Validation Error
CVE:	CVE-2008-1662
Remote:	Yes
Local:	No
Published:	Jul 30 2008 12:00AM
Updated:	Aug 09 2008 03:46PM
Credit:	The vendor disclosed this issue.
Vulnerable:	HP HP-UX B.11.23 HP HP-UX B.11.11 Avaya Proactive Contact 3.0 Avaya Predictive Dialer (PDS) APC 3.0 Avaya Predictive Dialer 0
Not Vulnerable:

HP-UX System Administration Manager NFS Configuration Security Bypass Vulnerability

HP-UX is prone to a security-bypass vulnerability because the System Administration Manager (SAM) application can provide an unintended configuration for NFS.

Remote attackers can exploit this issue to bypass certain security restrictions and gain access to vulnerable computers.

This issue affects the following versions of HP-UX running SAM:

HP-UX B.11.11
HP-UX B.11.23

HP-UX System Administration Manager NFS Configuration Security Bypass Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

HP-UX System Administration Manager NFS Configuration Security Bypass Vulnerability

Solution:
The vendor has released an advisory and updates. Please see the references for more information.

HP-UX System Administration Manager NFS Configuration Security Bypass Vulnerability

References:

• HP-UX Homepage (HP)
  
• HPSBUX02286 SSRT071466 rev.1 - HP-UX Running System Administration Manager (SAM) ([email protected])
  
• ASA-2008-324 HP-UX Running System Administration Manager (SAM), Unintended Remot (Avaya)
  
• HPSBUX02286 SSRT071466 HP-UX Running System Administration Manager (SAM), Uninte (HP)