CVE-2007-3260

Description

HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges.

Affected products

• HP / system_management_homepage2.1.8

References

• MISChttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01072894
• MISChttp://www.securityfocus.com/bid/24486
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/34900
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/2232
• MISChttp://osvdb.org/37513
• MISChttp://www.securitytracker.com/id?1018256
• VENDOR_ADVISORYhttp://secunia.com/advisories/25689
• MISChttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01072894