CVE-2004-0952

Name of the Vulnerable Software and Affected Versions: HP-UX versions B.11.00 through B.11.23

Description: The issue allows remote attackers to modify data or cause disk consumption due to world-writable permissions being set on part of the directory tree by the TFTP server when running Ignite-UX and using the add new client command.

Recommendations: For HP-UX versions B.11.00 through B.11.23, consider restricting access to the TFTP server or modifying the permissions set by the add new client command to prevent remote attackers from modifying data or causing disk consumption. As a temporary workaround, restrict the use of the add new client command until a proper fix is applied.