Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4834

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2011-4834
Last Modified 15 Dec 2011 02:42:28
Published 14 Dec 2011 10:57:35
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-4834

Summary

The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt.

Vulnerable Systems

Application

  • Hp Application Lifestyle Management 11


References

XF - hp-alm-symlink(71698)

BUGTRAQ - 20111208 0A29-11-2 : Privilege escalation vulnerability in HP Application Lifestyle Management (ALM) Platform v11

SECUNIA - 47040

MISC - http://0a29.blogspot.com/2011/12/0a29-11-2-privilege-escalation.html


Last Updated: 27 May 2016 10:57:55