Vulnerability Note VU#420475

Hewlett-Packard Virtual Vault OS (VVOS) contains vulnerability in mkacct program

Original Release date: 15 Aug 2001 | Last revised: 17 Aug 2001

Overview

There is a vulnerability in the /sbin/mkacct program, part of Hewlett Packard's Virtual Vault Operating System (VVOS).

Description

Virtual Vault is an environment "designed for use in the financial services, telecommunications, manufacturing, and retail industries to provide services such as Internet banking, online billing systems, and electronic commerce," built on top of a "security hardened version of the HP-UX operating system." A vulnerability in the /sbin/mkacct program could allow an intruder to gain "unauthorized privileged access." No other details are available. Specifically, it is unknown if an intruder can exploit this vulnerability remotely in some way. For more information, see HP Security Bulletin #0161.

Impact

According to Hewlett Packard, an intruder can gain, "unauthorized privileged access."

Solution

Apply the patches listed below from Hewlett Packard:

    VirtualVault 4.0: PHSS_24169
    VirtualVault 4.5: PHSS_24212

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Hewlett PackardAffected-17 Aug 2001
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to Hewlett Packard for the information contained in their advisory.

This document was written by Shawn V. Hernan.

Other Information

  • CVE IDs: Unknown
  • Date Public: 19 Jul 2001
  • Date First Published: 15 Aug 2001
  • Date Last Updated: 17 Aug 2001
  • Severity Metric: 11.95
  • Document Revision: 7

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.