Vulnerability

    kmmodreg

Affected

    HPUX 11.0

Description

    kmmodreg  creates  two  files  in  /tmp:   /tmp/.kmmodreg_lock and
    /tmp/kmpath.tmp  which  cheerfully  follows  symlink  to  /dev/vg,
    /.rhosts and rest of them.

    kmmodreg creates the files with O_CREATE 666, or using the  umask.
    Since  kmmodreg  is  running  at  boot,  when  umsak is 000, it is
    possible to create the linked files with 666.

    Credit goes to Graf Potozky.

Solution

    Install the appropriate patch for the HP-UX release:

        11.11    PHCO_24147,
        11.04    PHCO_24197,
        11.00    PHCO_24112.