HP-UX vuepad No Authentication Privilege Escalation
Local Access Required
Loss of Integrity
Patch / RCS
The vuepad program in HP-UX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The problem is that the program does not check the authentication, which could allow a user who runs the program while su'd to another account or spawned to a remote X server inadvertently allow access to malicious users.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.