CVE-2007-3260

HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01072894
http://osvdb.org/37513
http://secunia.com/advisories/25689	Vendor Advisory
http://www.securityfocus.com/bid/24486	Patch
http://www.securitytracker.com/id?1018256
http://www.vupen.com/english/advisories/2007/2232
https://exchange.xforce.ibmcloud.com/vulnerabilities/34900

Configurations

Configuration 1 (hide)

cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-06-19 18:30

Updated : 2023-12-10 10:40

NVD link : CVE-2007-3260

Mitre link : CVE-2007-3260

CVE.ORG link : CVE-2007-3260

JSON object : View

Products Affected

hp

system_management_homepage

CWE

NVD-CWE-Other

{"id": "CVE-2007-3260", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-06-19T18:30:00.000", "references": [{"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01072894", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/37513", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25689", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24486", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018256", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2232", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34900", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges."}, {"lang": "es", "value": "HP System Management Homepage (SMH) anterior a 2.1.9 para Linux, cuando se usa con Novel eDirectory, asigna a los miembros de eDirectory al grupo root, lo cual permite a usuarios de eDirectory autenticados remotamente obtener privilegios."}], "lastModified": "2017-07-29T01:32:07.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9648C394-1A9B-40CB-9BE5-C3B013E5FB2E", "versionEndIncluding": "2.1.8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}