Vulnerability Name:

CVE-2006-1248 (CCN-25311)

Assigned: 2006-03-15
Published: 2006-03-15
Updated: 2017-10-11
Summary: Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2006-1248

Source: HP
Type: UNKNOWN
HPSBUX02102

Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBUX02102 SSRT051078 rev.1
HP-UX usermod(1M) Local Unauthorized Access.

Source: CCN
Type: SA19305
HP-UX usermod Recursive Ownership Change Security Issue

Source: SECUNIA
Type: UNKNOWN
19305

Source: CCN
Type: SECTRACK ID: 1015782
HP-UX usermod Lets Local Users Modify File and Directory Permissions

Source: SECTRACK
Type: UNKNOWN
1015782

Source: CCN
Type: SECTRACK ID: 1015834
HP-UX Unspecified Bug in passwd Lets Local Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1015834

Source: CCN
Type: ASA-2006-087
HP-UX usermod Local Unauthorized Access (HPSBUX02102)

Source: CCN
Type: OSVDB ID: 23997
HP-UX usermod Recursive Ownership Modification

Source: BID
Type: UNKNOWN
17143

Source: CCN
Type: BID-17143
HP-UX Usermod Local Unauthorized Access Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-0997

Source: XF
Type: UNKNOWN
hpux-usermod-unauthorized-access(25311)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1098

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:772

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:785

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.23:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:785 | V | HP-UX usermod(1M) Local Unauthorized Access. | 2014-03-24
oval:org.mitre.oval:def:772 | V | HP-UX Usermod Local Unauthorized Access Vulnerability instead of usermod Recursive Ownership Error. | 2007-04-10
oval:org.mitre.oval:def:1098 | V | usermod Recursive Ownership Error (B.11.23) | 2007-02-20

    hp hp-ux 11.00
    hp hp-ux 11.11
    hp hp-ux 11.23