CVE-2011-0894

Vulnerability

HP Operations for UNIX version 9.10 contains an unspecified vulnerability, identified as CVE-2011-0894, that allows remote authenticated users to bypass intended access restrictions. The exact mechanism is not disclosed in the available references, but the CVSS score (AV:N/AC:L/Au:S/C:P/I:P/A:N) indicates network exploitable with low attack complexity and required authentication, impacting confidentiality and integrity partially [1].

Exploitation

An attacker must have valid remote authentication credentials to the HP Operations for UNIX 9.10 system. With those credentials, the attacker can exploit the vulnerability via unknown vectors referenced in the security bulletin. No additional attacker position or user interaction beyond authentication is mentioned in the references [1].

Impact

Successful exploitation allows the authenticated attacker to bypass access restrictions, resulting in partial disclosure of information and partial modification of data. The CVSS details confirm partial confidentiality and integrity impact with no availability impact [1].

Mitigation

HP released a hotfix to resolve the vulnerability. The fix is available by contacting the normal HP Services support channel and requesting the file QCCR1A121284_QCCR1A121281_hotfix.tar.gz. No workarounds are documented in the bulletin [1].