TUCoPS :: HP/UX :: vvault4.htm

HP-UX VirtualVault xlock unauthorised access vulnerability 
Vulnerability

    xlock

Affected

    HP9000 Series 700/800s running:
      HP-UX 10.24 (VVOS) with VirtualVault A.02.00 with patch PHSS_9905.
      HP-UX  10.24  (VVOS)  with  VirtualVault A.03.00 with Extensions
      Software (this includes PHSS_9905)

Description

    The xlock  program allows  a user  to "lock"  an X  terminal while
    maintaining their login session.  A vulnerability exists in  xlock
    that could allow a local user to attain unauthorized access to the
    system.   Vulnerabilities exist  in xlock  on VirtualVault 2.0/3.0
    if patch PHSS_9905 is installed.

Solution

    This problem can be eliminated by applying the recommended  patch.
    Hewlett-Packard recommends that the PHSS_12961 patch be applied if
    PHSS_9905  has  already  been  installed.   The PHSS_9905 patch is
    included   in   the   Software   Extension   Media  provided  with
    VirtualVault A.03.00.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH