PT-2015-2784 · Hewlett Packard · Hp-Ux

Published

2015-07-06

Updated

2016-12-28

CVE-2015-2126

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions HP-UX versions 11iv2 through 11iv3

Description The issue is related to insufficient access control in the pppoec component, allowing local users to exploit it and gain privileges. This is due to the setuid permissions and weaknesses in access control to certain functions.

Recommendations For HP-UX versions 11iv2 through 11iv3, consider restricting access to the pppoec component until a fix is available. As a temporary workaround, review and adjust the setuid permissions to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2015-12149

CVE-2015-2126

HPSBUX03359

Affected Products

Hp-Ux

PT-2015-2784 · Hewlett Packard · Hp-Ux

CVE-2015-2126

Weakness Enumeration

Related Identifiers

Affected Products

References · 7