HP-UX Aserver /tmp/last_uuid...

Published: 1999-12-30
Revised: 2025-04-13

Aserver is a server program that ships with HP-UX versions 10.x and above and interfaces client applications with the audio hardware. Because it talks to hardware, it is installed setuid root by default. During normal execution, Aserver creates a temporary file in /tmp called "last_uuid". Aserver does not check whether this file already exists before changing its mode to world-writable. As a result, a local user can create a symbolic link named 'last_uuid' in /tmp that points to an arbitrary file (such as /.rhosts). When Aserver is then executed with the -f argument, the file the link points to becomes world-writable. Exploiting this vulnerability elevates the attacker's privileges to root.
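The root cause described above is a path-based mode change on a predictable name in a world-writable directory. The C sketch below is an added example, not Aserver's code: `unsafe_state_file` and `safe_state_file` are hypothetical names, the first reproducing the described pattern and the second creating the file exclusively and setting its mode through the descriptor.

```c
/* Added example: constructed sketch, not Aserver source code. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the advisory describes: chmod() on a fixed name follows a
 * symbolic link, so the mode change lands on whatever the link targets. */
int unsafe_state_file(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT, 0666);
    if (fd < 0)
        return -1;
    if (chmod(path, 0666) != 0) {   /* path-based, follows symlinks */
        close(fd);
        return -1;
    }
    return fd;
}

/* Hardened form: create the file atomically, refuse any pre-existing
 * name (including a symlink), and set the mode through the descriptor. */
int safe_state_file(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;                  /* EEXIST when the name already exists */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        fchmod(fd, 0600) != 0) {    /* owner-only, never world-writable */
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/tmp/last_uuid";
    int fd = safe_state_file(path);
    if (fd < 0) { perror(path); return 1; }
    printf("created %s with mode 0600\n", path);
    close(fd);
    return 0;
}
```

A privileged program that needs scratch state is better served by a private directory it owns than by a fixed name in /tmp; the hardened function covers the case where the /tmp location cannot change.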

No exploit or PoC is currently available.
There are currently 0 affected product entries.