Vulnerability Note VU#314776

Hewlett Packard HP-UX pcltotiff is installed with insecure permissions

Original Release date: 15 Aug 2001 | Last revised: 17 Aug 2001

Overview

The utility pcltotiff is installed with insecure permissions on some Hewlett Packard systems.

Description

The HP utility pcltotiff is installed with sgid bin permissions in order to read files in /usr/lib/X11/fonts/ifo.st/typefaces/. This gives more permissions to pcltotiff than are required. For more information, see HP Security Bulletin HPSBUX0104-149.

Impact

The complete impact of this vulnerability is not yet known. Hewlett Packard lists the impact as "Denial of service," but it is unclear why.

Solution

Change the permissions on the file as described in HP bulletin.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Hewlett PackardAffected-17 Aug 2001
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This document was written by Shawn V. Hernan.

Other Information

  • CVE IDs: CAN-2001-0488
  • Date Public: 24 Apr 2001
  • Date First Published: 15 Aug 2001
  • Date Last Updated: 17 Aug 2001
  • Severity Metric: 2.53
  • Document Revision: 7

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.