CVE-2016-2016 - OpenCVE

Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Base-vxfs-50 Base-vxfs-501 Base-vxfs-51 Hp-ux

Configuration 1 [-]

AND

cpe:2.3:o:hp:hp-ux:11.11i:v3:*:*:*:*:*:*

OR	cpe:2.3:a:hp:base-vxfs-50:b.05.00.01:::::::*
	cpe:2.3:a:hp:base-vxfs-50:b.05.00.02:::::::*
	cpe:2.3:a:hp:base-vxfs-501:b.05.01.0:::::::*
	cpe:2.3:a:hp:base-vxfs-501:b.05.01.01:::::::*
	cpe:2.3:a:hp:base-vxfs-501:b.05.01.03:::::::*
	cpe:2.3:a:hp:base-vxfs-51:b.05.10.00:::::::*
	cpe:2.3:a:hp:base-vxfs-51:b.05.10.02:::::::*

No data.

References

Link	Providers
http://www.securitytracker.com/id/1035816
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121749

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-05-14T15:00:00

Updated: 2024-08-05T23:17:49.394Z

Reserved: 2016-01-22T00:00:00

Link: CVE-2016-2016

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-05-14T15:59:05.117

Modified: 2016-12-01T03:08:27.493

Link: CVE-2016-2016

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-05-09T00:00:00", "descriptions": [{"lang": "en", "value": "Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-29T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121749"}, {"name": "1035816", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035816"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-2016", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121749", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121749"}, {"name": "1035816", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035816"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:17:49.394Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121749"}, {"name": "1035816", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1035816"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-2016", "datePublished": "2016-05-14T15:00:00", "dateReserved": "2016-01-22T00:00:00", "dateUpdated": "2024-08-05T23:17:49.394Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:hp-ux:11.11i:v3:*:*:*:*:*:*", "matchCriteriaId": "DCD6B8FB-B76F-4F94-B831-CEB3BDF0A275", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:hp:base-vxfs-50:b.05.00.01:*:*:*:*:*:*:*", "matchCriteriaId": "F172ABE7-98A6-4B67-97C7-71EB2E73FBEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:base-vxfs-50:b.05.00.02:*:*:*:*:*:*:*", "matchCriteriaId": "22D3FC30-932D-4AFB-9A46-DD4028EA16A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:base-vxfs-501:b.05.01.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B0834C-B33E-409A-8C1C-513F94295867", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:base-vxfs-501:b.05.01.01:*:*:*:*:*:*:*", "matchCriteriaId": "BBAB5C7A-18EE-488E-AB8E-F206DA27F06C", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:base-vxfs-501:b.05.01.03:*:*:*:*:*:*:*", "matchCriteriaId": "339AD386-DB43-4FBD-A2FD-2EA588F2E7DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:base-vxfs-51:b.05.10.00:*:*:*:*:*:*:*", "matchCriteriaId": "51FDC11B-8BFE-4CF7-81CD-4F70630C48BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:base-vxfs-51:b.05.10.02:*:*:*:*:*:*:*", "matchCriteriaId": "711A8AB8-AF93-44C8-B63F-D3BDADD9FCF2", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory."}, {"lang": "es", "value": "Base-VxFS-50 B.05.00.01 hasta la versi\u00f3n B.05.00.02, Base-VxFS-501 B.05.01.0 hasta la versi\u00f3n B.05.01.03, y Base-VxFS-51 B.05.10.00 hasta la versi\u00f3n B.05.10.02 en HPE HP-UX 11iv3 con VxFS 5.0, VxFS 5.0.1 y VxFS 5.1SP1 no maneja correctamente la herencia ACL para default:class: entries, default:other: entries y default:user: entries, lo que permite a usuarios locales eludir las restricciones destinadas al acceso aprovechando la configuraci\u00f3n de un directorio padre."}], "id": "CVE-2016-2016", "lastModified": "2016-12-01T03:08:27.493", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-05-14T15:59:05.117", "references": [{"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1035816"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121749"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}