CVE-2011-4834

HP Application Lifestyle Management - Access Control

Title source: rule

Description

The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt.

Exploits (1)

exploitdb WORKING POC VERIFIED

by anonymous · bashlocallinux

https://www.exploit-db.com/exploits/36430

View Code ZIP pw:eip

References (4)

[Exploit] http://0a29.blogspot.com/2011/12/0a29-11-2-privilege-escalation.html

[Vendor Advisory] http://secunia.com/advisories/47040

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/71698

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/520783/100/0/threaded

Scores

EPSS 0.0117

EPSS Percentile 78.7%

Details

CWE

CWE-264

Status published

Products (1)

hp/application_lifestyle_management 11

Published Dec 15, 2011

Tracked Since Feb 18, 2026