HP-UX ONCplus NFS Configuration Security Bypass Vulnerability

Bugtraq ID:	38982
Class:	Configuration Error
CVE:	CVE-2010-0451
Remote:	Yes
Local:	No
Published:	Mar 25 2010 12:00AM
Updated:	Mar 25 2010 12:00AM
Credit:	The vendor disclosed this issue.
Vulnerable:	HP HP-UX B.11.31.08 HP HP-UX B.11.31.06 HP HP-UX B.11.31 HP HP-UX B.11.23.07.04 HP HP-UX B.11.23 HP HP-UX B.11.22 HP HP-UX B.11.11.17.02 HP HP-UX B.11.11.16.09 HP HP-UX B.11.11.15.13 HP HP-UX B.11.11.14.15 HP HP-UX B.11.11.13.14 HP HP-UX B.11.11 HP HP-UX B.11.04 HP HP-UX B.11.00
Not Vulnerable:	HP HP-UX B.11.31.09

HP-UX ONCplus NFS Configuration Security Bypass Vulnerability

HP-UX is prone to a security-bypass vulnerability because the ONCplus package can provide an unintended configuration for NFS.

Remote attackers can exploit this issue to bypass certain security restrictions and gain access to vulnerable computers.

HP-UX B.11.31.08 and prior are vulnerable.

HP-UX ONCplus NFS Configuration Security Bypass Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

HP-UX ONCplus NFS Configuration Security Bypass Vulnerability

Solution:
The vendor has released an advisory and updates. Please see the references for more information.

HP-UX ONCplus NFS Configuration Security Bypass Vulnerability

References:

• HP-UX Homepage (HP)
  
• HPSBUX02509 SSRT100032 rev.1 - HP-UX Running NFS/ONCplus, NFS Inadvertently Enab (HP)