// For flags

CVE-2011-4834

HP Application Lifestyle Management 11 - 'GetInstalledPackages' Local Privilege Escalation

Severity Score

4.6
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt.

La función GetInstalledPackages en la herramienta de configuración en HP Application Lifestyle Management (ALM) 11 en AIX, HP-UX, y Solaris permite a usuarios locales ganar privilegios a través de (1) un caballo de troya /tmp/tmp.txt FIFO o (2) un ataque symlink a /tmp/tmp.txt.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2011-12-08 First Exploit
  • 2011-12-14 CVE Reserved
  • 2011-12-15 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-09-23 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Hp
Search vendor "Hp"
Application Lifestyle Management
Search vendor "Hp" for product "Application Lifestyle Management"
11
Search vendor "Hp" for product "Application Lifestyle Management" and version "11"
-
Affected
in Hp
Search vendor "Hp"
Hp-ux
Search vendor "Hp" for product "Hp-ux"
*-
Safe
Hp
Search vendor "Hp"
Application Lifestyle Management
Search vendor "Hp" for product "Application Lifestyle Management"
11
Search vendor "Hp" for product "Application Lifestyle Management" and version "11"
-
Affected
in Ibm
Search vendor "Ibm"
Aix
Search vendor "Ibm" for product "Aix"
*-
Safe
Hp
Search vendor "Hp"
Application Lifestyle Management
Search vendor "Hp" for product "Application Lifestyle Management"
11
Search vendor "Hp" for product "Application Lifestyle Management" and version "11"
-
Affected
in Sun
Search vendor "Sun"
Sunos
Search vendor "Sun" for product "Sunos"
*-
Safe