Vigil@nce: HP-UX, remote access via NFS
August 2008 by Vigil@nce
SYNTHESIS
An administrator who configures the NFS service via SAM can leave
the access list empty, which is interpreted as open access.
Gravity: 2/4
Consequences: data reading, data creation/modification, data deletion
Provenance: intranet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 31/07/2008
Identifier: VIGILANCE-VUL-7980
IMPACTED PRODUCTS
– Hewlett-Packard HP-UX [confidential versions]
DESCRIPTION
The System Administration Manager (SAM) can be used, among other
things, to configure the NFS service.
By default, the SAM interface displays an empty access list. This
appears to allow no users, but read and write access is actually
granted.
An administrator who configures the NFS service via SAM and leaves
the access list empty can therefore grant access to NFS users.
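An added example (not part of the original bulletin, and not HP's tooling): a shell audit that lists exported directories any client can mount because no access list is set. It assumes the export table uses the classic exports(4) syntax (`directory -option,...` with `access=`, `ro` and `rw=`); the bulletin does not say which file SAM writes, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example. Assumes classic exports(4) syntax: "<dir> -opt[,opt]...",
# where access= limits who may mount and ro / rw= limit who may write.

# Constructed sample export table (hostnames and paths are made up).
sample_exports() {
    cat <<'EOF'
# constructed sample
/export/home -access=ws1:ws2
/export/data
/export/docs -ro
/export/proj -rw=build1
/export/tmp  -access=
/export/pub  -access=ws1,ro
EOF
}

# audit_exports FILE: print one line per export that any client can mount.
#   OPEN-RW <dir>  no access list and no write restriction
#   OPEN-RO <dir>  no access list, writes limited by ro or rw=<hosts>
audit_exports() {
    awk '
    /^[ \t]*#/ { next }                 # comment line
    /^[ \t]*$/ { next }                 # blank line
    {
        dir = $1; opts = ""
        for (i = 2; i <= NF; i++)       # option field starts with "-"
            if ($i ~ /^-/) opts = substr($i, 2)
        restricted = 0; limited = 0
        n = split(opts, o, ",")
        for (i = 1; i <= n; i++) {
            # An empty "access=" is treated as no list at all (assumption).
            if (o[i] ~ /^access=./)   restricted = 1
            else if (o[i] == "ro")    limited = 1
            else if (o[i] ~ /^rw=./)  limited = 1
        }
        if (restricted) next
        tag = limited ? "OPEN-RO" : "OPEN-RW"
        print tag " " dir
    }' "$1"
}

# Demo on the constructed sample.
tmp="${TMPDIR:-/tmp}/exports.sample.$$"
sample_exports > "$tmp"
audit_exports "$tmp"
rm -f "$tmp"
```

Every directory reported needs an explicit `access=` client list; `OPEN-RW` entries are the case the bulletin describes, where an empty list grants read and write access.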
CHARACTERISTICS
Identifiers: c01367453, CVE-2008-1662, HPSBUX02286, SSRT071466, VIGILANCE-VUL-7980