CVE-2016-2016 - OpenCVE

Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Hp	Base-vxfs-50 Base-vxfs-51 Base-vxfs-501 Hp-ux

Configuration 1 [-]

AND

cpe:2.3:o:hp:hp-ux:11.11i:v3:*:*:*:*:*:*

OR	cpe:2.3:a:hp:base-vxfs-50:b.05.00.01:::::::*
	cpe:2.3:a:hp:base-vxfs-50:b.05.00.02:::::::*
	cpe:2.3:a:hp:base-vxfs-501:b.05.01.0:::::::*
	cpe:2.3:a:hp:base-vxfs-501:b.05.01.01:::::::*
	cpe:2.3:a:hp:base-vxfs-501:b.05.01.03:::::::*
	cpe:2.3:a:hp:base-vxfs-51:b.05.10.00:::::::*
	cpe:2.3:a:hp:base-vxfs-51:b.05.10.02:::::::*

References

Link	Resource
http://www.securitytracker.com/id/1035816
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121749	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-05-14T15:00:00

Updated: 2016-11-29T21:57:01

Reserved: 2016-01-22T00:00:00

Link: CVE-2016-2016

JSON object: View

NVD Information

Status : Modified

Published: 2016-05-14T15:59:05.117

Modified: 2016-12-01T03:08:27.493

Link: CVE-2016-2016

JSON object: View

Redhat Information

No data.

CWE

CWE-284

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-05-09T00:00:00", "descriptions": [{"lang": "en", "value": "Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-29T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121749"}, {"name": "1035816", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035816"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-2016", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121749", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121749"}, {"name": "1035816", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035816"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-2016", "datePublished": "2016-05-14T15:00:00", "dateReserved": "2016-01-22T00:00:00", "dateUpdated": "2016-11-29T21:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:hp-ux:11.11i:v3:*:*:*:*:*:*", "matchCriteriaId": "DCD6B8FB-B76F-4F94-B831-CEB3BDF0A275", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:hp:base-vxfs-50:b.05.00.01:*:*:*:*:*:*:*", "matchCriteriaId": "F172ABE7-98A6-4B67-97C7-71EB2E73FBEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:base-vxfs-50:b.05.00.02:*:*:*:*:*:*:*", "matchCriteriaId": "22D3FC30-932D-4AFB-9A46-DD4028EA16A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:base-vxfs-501:b.05.01.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B0834C-B33E-409A-8C1C-513F94295867", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:base-vxfs-501:b.05.01.01:*:*:*:*:*:*:*", "matchCriteriaId": "BBAB5C7A-18EE-488E-AB8E-F206DA27F06C", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:base-vxfs-501:b.05.01.03:*:*:*:*:*:*:*", "matchCriteriaId": "339AD386-DB43-4FBD-A2FD-2EA588F2E7DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:base-vxfs-51:b.05.10.00:*:*:*:*:*:*:*", "matchCriteriaId": "51FDC11B-8BFE-4CF7-81CD-4F70630C48BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:base-vxfs-51:b.05.10.02:*:*:*:*:*:*:*", "matchCriteriaId": "711A8AB8-AF93-44C8-B63F-D3BDADD9FCF2", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory."}, {"lang": "es", "value": "Base-VxFS-50 B.05.00.01 hasta la versi\u00f3n B.05.00.02, Base-VxFS-501 B.05.01.0 hasta la versi\u00f3n B.05.01.03, y Base-VxFS-51 B.05.10.00 hasta la versi\u00f3n B.05.10.02 en HPE HP-UX 11iv3 con VxFS 5.0, VxFS 5.0.1 y VxFS 5.1SP1 no maneja correctamente la herencia ACL para default:class: entries, default:other: entries y default:user: entries, lo que permite a usuarios locales eludir las restricciones destinadas al acceso aprovechando la configuraci\u00f3n de un directorio padre."}], "id": "CVE-2016-2016", "lastModified": "2016-12-01T03:08:27.493", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-05-14T15:59:05.117", "references": [{"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1035816"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121749"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}