The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of HP-UX: read-write access via VxFS

Synthesis of the vulnerability 

A local attacker can bypass access restrictions of VxFS of HP-UX, in order to read or alter files.
Vulnerable software: HP-UX.
Severity of this announce: 2/4.
Creation date: 10/05/2016.
Références of this computer vulnerability: c05121749, CVE-2016-2016, HPSBUX03577, SSRT102172, VIGILANCE-VUL-19567.

Description of the vulnerability 

The HP-UX product uses the VxFS (JFS) filesystem.

However, ACLs are not correctly applied when they are inherited.

A local attacker can therefore bypass access restrictions of VxFS of HP-UX, in order to read or alter files.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer vulnerability note impacts software or systems such as HP-UX.

Our Vigil@nce team determined that the severity of this computer vulnerability announce is medium.

The trust level is of type confirmed by the editor, with an origin of user shell.

An attacker with a expert ability can exploit this cybersecurity announce.

Solutions for this threat 

HP-UX: patch for VxFS.
A patch is available:
  Base-VxFS-50: PHKL_44459 VxFS 5.0 MP1P14
  Base-VxFS-501: PHKL_44411 VxFS 5.0.1 RP3P14
  Base-VxFS-51: PHKL_44439 VxFS 5.1 SP1RP3P6
  https://h20565.www2.hpe.com/portal/site/hpsc/patch/home
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides computer vulnerability patches. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.