{"vuid":"VU#420475","idnumber":"420475","name":"Hewlett-Packard Virtual Vault OS (VVOS) contains vulnerability in mkacct program","keywords":["Hewlett-Packard","Virtual Vault OS","VVOS","mkacct program"],"overview":"There is a vulnerability in the /sbin/mkacct program, part of Hewlett Packard's Virtual Vault Operating System (VVOS).","clean_desc":"Virtual Vault is an environment \"designed for use in the financial services, telecommunications, manufacturing, and retail industries to provide services such as Internet banking, online billing systems, and electronic commerce,\" built on top of a \"security hardened version of the HP-UX operating system.\" A vulnerability in the /sbin/mkacct program could allow an intruder to gain \"unauthorized privileged access.\" No other details are available. Specifically, it is unknown if an intruder can exploit this vulnerability remotely in some way. For more information, see HP Security Bulletin #0161.","impact":"According to Hewlett Packard, an intruder can gain, \"unauthorized privileged access.\"","resolution":"Apply the patches listed below from Hewlett Packard: VirtualVault 4.0:  PHSS_24169\nVirtualVault 4.5:  PHSS_24212","workarounds":"","sysaffected":"","thanks":"Thanks to Hewlett Packard for the information contained in their advisory.","author":"This document was written by Shawn V. Hernan.","public":["http://www.securityfocus.com/bid/3072","http://www.hp.com/security/products/virtualvault/"],"cveids":["CVE-2001-1264"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-07-23T14:37:24Z","publicdate":"2001-07-19T00:00:00Z","datefirstpublished":"2001-08-15T23:08:43Z","dateupdated":"2001-08-17T21:25:54Z","revision":7,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"15","cam_impact":"17","cam_easeofexploitation":"10","cam_attackeraccessrequired":"10","cam_scorecurrent":"11.953125","cam_scorecurrentwidelyknown":"14.34375","cam_scorecurrentwidelyknownexploited":"23.90625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":11.953125,"vulnote":null}