CVE-2004-2693

Vulnerability

HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed have insecure directory permissions on files in /opt/gnome/src/GLib/. The source files in this product are world writable after installation [1].

Exploitation

A local authenticated user can modify the world-writable source files in /opt/gnome/src/GLib/. If new libraries are subsequently built from this source, the attacker's modifications may be incorporated, leading to arbitrary code execution when the libraries are loaded. No special authentication beyond a local account is required [1].

Impact

A local attacker who successfully modifies the source files can cause arbitrary code to be executed in the context of any user or service that loads the subsequently built libraries. This can lead to elevated privileges on the system [1].

Mitigation

The bulletin does not provide a specific fix or patch version. HP recommends that after installation, users verify the integrity of the affected files before building libraries from the source. No KEV listing is known. Users should restrict access to the affected directories or remove world-writable permissions on the source files [1].