PT-2008-2501 · Ibm+1 · Lspp-Eal4-Config-Ibm+2

Mark J. Cox · Published 2008-04-04 · Updated 2023-02-13 · CVE-2008-0884

CVSS v2.0: 6.9 (Medium)

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

capp-lspp-eal4-config-hp versions prior to 0.65-2
capp-lspp-config in lspp-eal4-config-ibm versions prior to 0.65-2

Description

The issue arises from the Replace function in the capp-lspp-config script, which uses lstat instead of stat to determine file permissions. This leads to a change in permissions for the /etc/pam.d/system-auth-ac file, making it world-writable. As a result, local users can modify this file to gain privileges.

Recommendations

For capp-lspp-eal4-config-hp versions prior to 0.65-2, update to version 0.65-2 or later.
For capp-lspp-config in lspp-eal4-config-ibm versions prior to 0.65-2, update to version 0.65-2 or later.
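
The lstat/stat difference from the Description, as an added example that is not code from the capp-lspp-config script: it models a replace routine that restores the mode it read beforehand, run against a constructed stand-in directory, and includes a check for world-writable files that can be pointed at /etc/pam.d. It assumes Linux (where lstat on a symlink reports mode 0777) and that the routine is handed a symlink named system-auth pointing at system-auth-ac; the function names are hypothetical.

```python
import os
import stat
import tempfile


def replace_preserving_mode(path, new_text, follow_symlinks):
    """Rewrite `path`, then restore the mode that was read before the write.

    follow_symlinks=False models the flawed lstat() lookup,
    follow_symlinks=True models the stat() lookup.
    """
    st = os.stat(path) if follow_symlinks else os.lstat(path)
    mode = stat.S_IMODE(st.st_mode)   # lstat on a symlink yields the link's own 0777
    with open(path, "w") as fh:       # open() follows the symlink
        fh.write(new_text)
    os.chmod(path, mode)              # chmod() follows the symlink too
    return mode


def world_writable(directory):
    """Return names in `directory` whose resolved target is world-writable."""
    hits = []
    for name in sorted(os.listdir(directory)):
        full = os.path.join(directory, name)
        if os.path.isfile(full) and os.stat(full).st_mode & stat.S_IWOTH:
            hits.append(name)
    return hits


def demo(follow_symlinks):
    """Build a constructed stand-in for /etc/pam.d and run one replace."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "system-auth-ac")
        link = os.path.join(d, "system-auth")
        with open(target, "w") as fh:
            fh.write("auth required pam_deny.so\n")   # constructed content
        os.chmod(target, 0o644)
        os.symlink("system-auth-ac", link)
        replace_preserving_mode(link, "auth required pam_unix.so\n", follow_symlinks)
        return stat.S_IMODE(os.stat(target).st_mode), world_writable(d)


if __name__ == "__main__":
    print("lstat:", demo(False))
    print("stat: ", demo(True))
```

On a host that ran an affected version, `world_writable("/etc/pam.d")` returning any name means the file mode still needs to be corrected after updating the package.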

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2008-0884

Affected Products

Capp-Lspp-Config
Capp-Lspp-Eal4-Config-Hp
Lspp-Eal4-Config-Ibm