Related information

Hitachi Hibun privilege escalation

From:	SECUNIA <support_(at)_secunia.com>
Date:	01.07.2005
Subject:	[SA15863] Hitachi Multiple Hibun Products Security Restriction Bypass

----------------------------------------------------------------------

Bist Du interessiert an einem neuen Job in IT-Sicherheit?


Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/

----------------------------------------------------------------------

TITLE:
Hitachi Multiple Hibun Products Security Restriction Bypass

SECUNIA ADVISORY ID:
SA15863

VERIFY ADVISORY:
http://secunia.com/advisories/15863/

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
Local system

SOFTWARE:
Hibun Advanced Information Cypher 7.x
http://secunia.com/product/5314/
Hibun Advanced Information Cypher 6.x
http://secunia.com/product/5313/
Hibun Advanced Edition Server 7.x
http://secunia.com/product/5312/
Hibun Advanced Edition Server 6.x
http://secunia.com/product/5315/

DESCRIPTION:
Two security issues have been reported in various Hitachi Hibun
products, which can be exploit by malicious, local users to bypass
certain security restrictions.

1) An error causes PCMCIA hard disks that are attached to a system to
be incorrectly treated as internal hard disks. As a result, Hibun is
unable to restrict files that are copied out to the hard disks.

2) An error in the Hibun Viewer allows the user to have privileges
beyond the View function when using the viewer from a client PC.

See the vendor advisory for a matrix of affected versions.

SOLUTION:
Hibun Advanced Edition Server (versions 07-50 through 07-50-/B):
Update to version 7.50/C

Hibun Advanced Edition Information Cypher (versions 07-50 through
07-50-/B):
Update to version 7.50/C

Updates are reportedly being scheduled for the other versions.

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
Hitachi:
http://www.hitachi-support.com/security_e/vuls_e/HS05-010_e/index-e.html
http://www.hitachi-support.com/security_e/vuls_e/HS05-011_e/index-e.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.