NI3
11-08-2003, 10:30 AM
TITLE:
HP-UX "NLSPATH" Privilege Escalation Vulnerability
SECUNIA ADVISORY ID:
SA10159
CRITICAL:
Less critical
IMPACT:
Privilege escalation
WHERE:
Local system
OPERATING SYSTEM:
HP-UX 11.x
HP-UX 10.x
DESCRIPTION:
A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to escalate their privileges.
Reportedly, the problem is that a superuser can't restrict the paths
set in the "NLSPATH" environment variable for suid programs that
use "catopen()" and are executed by other users.
The vulnerability affects HP9000 servers running HP-UX releases
B.10.20, B.11.00, B.11.11, and B.11.22.
SOLUTION:
Apply patches available at:
[Only registered and activated users can see links]
HP-UX B.11.22:
PHCO_29329
HP-UX B.11.11:
PHCO_29495
HP-UX B.11.00:
PHCO_29284
HP-UX B.10.20:
PHCO_26158
REPORTED BY / CREDITS:
NSFOCUS Security Team
----------------------------------------------------------------------
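A defensive pattern for suid programs that call catopen(), given here as an added example that is not part of the advisory or of the HP patches. When the process runs with more privilege than its invoker, it drops "NLSPATH" and accepts only an absolute catalog name, which catopen() uses as-is without any path search. The function names and the catalog path are hypothetical, and a libc that provides POSIX unsetenv() is assumed.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 600   /* setenv()/unsetenv() under strict -std modes */
#endif
#include <errno.h>
#include <nl_types.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: the environment is trusted only when the process has
 * no privileges beyond those of the user who started it. */
int nls_env_trusted(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid == euid && rgid == egid;
}

/* Hypothetical wrapper around catopen(). In an untrusted environment it
 * removes NLSPATH and rejects relative names, so the invoking user cannot
 * choose which catalog file the privileged process loads. */
nl_catd open_catalog(const char *name, int trusted)
{
    if (!trusted) {
        if (unsetenv("NLSPATH") != 0)
            return (nl_catd)-1;
        if (name == NULL || name[0] != '/') {
            errno = EINVAL;
            return (nl_catd)-1;
        }
    }
    return catopen(name, NL_CAT_LOCALE);
}

int main(void)
{
    int trusted = nls_env_trusted(getuid(), geteuid(), getgid(), getegid());
    /* Constructed path for illustration; a real program uses its own catalog. */
    nl_catd cat = open_catalog("/usr/lib/nls/C/example.cat", trusted);

    if (cat == (nl_catd)-1) {
        puts("catalog unavailable, using built-in messages");
        return 0;
    }
    puts(catgets(cat, 1, 1, "built-in message"));
    catclose(cat);
    return 0;
}
```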
