HP Apollo SUID Exec Vulnerability

HIGH (7.2) Patch Available Patch Patch

apollo-domainos hp korn-shell local-execution suid-exec vulnerability

Threat Intelligence

Low Risk

EPSS Score: 0.93% chance of exploitation (percentile: 76%)

🔍 Detection Tools: None available in major open-source tools

⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

The HP Apollo Domain/OS sr10.2 and sr10.3 beta operating system contains a vulnerability in the /etc/suid_exec program, which is related to the Korn Shell (ksh). This allows an attacker to execute arbitrary code on the system by manipulating the suid bit on files. This vulnerability poses a significant risk, as it can be exploited locally without requiring authentication or special privileges.

Am I affected?

You're affected if you use HP Apollo Domain/OS sr10.2 and sr10.3 beta. Check with: grep "suid_exec" /etc/passwd 2>/dev/null

Affected Products

HP / Domain/OS

How to fix

Patch: Download the patch from http://www.cert.org/advisories/CA-1990-04.html.
- Immediate mitigations:
- Restrict access to the suid bit on files (e.g., set permissions to 755).
- Monitor for suspicious activity related to the suid bit.