PASS TO SITE/FACILITY/COMMAND INFORMATION SYSTEM SECURITY OFFICER {ISSO}, SPECIAL SECURITY OFFICER {SSO}, INFORMATION RESOURCE MANAGER {IRM} AND AUTOMATED DATA PROCESSOR {ADP} COORDINATORS

SUBJECT: REVISED HEWLETT-PACKARD NIS YPBIND VULNERABILITY {AUTOMATED SYSTEM SECURITY INCIDENT SUPPORT TEAM {ASSIST} BULLETIN 93-01}.

1. THIS BULLETIN CONTAINS NEW INFORMATION REGARDING AVAILABILITY OF IMAGE KITS DESCRIBED EARLIER IN ASSIST BULLETIN 92-65. THE VULNERABILITY EXISTS IN THE NIS YPBIND MODULE FOR THE HEWLETT-PACKARD (HP) HP/UX OPERATING SYSTEM FOR SERIES 300, 700, AND 800 COMPUTERS. HP HAS PROVIDED REVISED PATCHES FOR ALL OF THE HP/UX LEVEL 8 RELEASES (8.0, 8.02, 8.06, AND 8.07). THIS PROBLEM IS FIXED IN HP/UX 9.0. THE FOLLOWING PATCHES HAVE BEEN SUPERSEDED:

   PATCH ID     REPLACED BY PATCH ID
   ----------   --------------------
   PHNE_1359    PHNE_1706
   PHNE_1360    PHNE_1707
   PHNE_1361    PHNE_1708

2. ALL HP NIS CLIENTS AND SERVERS RUNNING YPBIND SHOULD OBTAIN AND INSTALL THE PATCH APPROPRIATE FOR THEIR MACHINE'S ARCHITECTURE. THESE PATCHES CONTAIN A VERSION OF YPBIND THAT ONLY ACCEPTS YPSET REQUESTS FROM A SUPERUSER PORT ON THE LOCAL HOST. THIS PREVENTS A NON-SUPERUSER PROGRAM FROM SENDING ROGUE YPSET REQUESTS TO YPBIND. THE PATCHES ALSO INCLUDE THE MOD FROM THE SUPERSEDED PATCHES WHICH PREVENTED A SUPERUSER ON A REMOTE SYSTEM FROM ISSUING A YPSET -H COMMAND TO THE LOCAL SYSTEM AND BINDING THE SYSTEM TO A ROGUE YPSERVER.

3. THESE PATCHES MAY BE OBTAINED FROM HP VIA FTP (THIS IS NOT ANONYMOUS FTP) OR THE HP SUPPORTLINE. TO OBTAIN HP SECURITY PATCHES, YOU MUST FIRST REGISTER WITH THE HP SUPPORTLINE. THE REGISTRATION INSTRUCTIONS ARE AVAILABLE VIA ANONYMOUS FTP AT CERT.ORG (192.88.209.5) IN THE FILE "PUB/VENDORS/HP/SUPPORTLINE_AND_PATCH_RETRIEVAL". THE NEW PATCH FILES ARE:

   ARCH.        PATCH ID     FILENAME                               CHECKSUM
   ----------   ----------   ------------------------------------   ---------
   SERIES 300   PHNE_1706    /HP-UX_PATCHES/S300_400/8.X/PHNE_1706   38955 212
   SERIES 700   PHNE_1707    /HP-UX_PATCHES/S700/8.X/PHNE_1707       815 311
   SERIES 800   PHNE_1708    /HP-UX_PATCHES/S800/8.X/PHNE_1708       56971 299

4. THE INSTRUCTIONS FOR INSTALLING THE PATCH ARE PROVIDED IN THE PHNE_XXXX.TEXT FILE (THIS FILE IS CREATED AFTER THE PATCH HAS BEEN UNPACKED). THE CHECKSUMS ARE FOR THE PATCH ARCHIVE FILES FROM HP. ONCE UNPACKED, EACH SHELL ARCHIVE CONTAINS ADDITIONAL CHECKSUM INFORMATION IN THE FILE "PATCHFILENAME.TEXT". THIS CHECKSUM IS APPLICABLE TO THE BINARY PATCH FILE "PATCHFILENAME.UPDT".

5. POINT OF CONTACT: ASSIST POINT OF CONTACT FOR THIS MATTER IS PETE HAMMES, COMM {703} 696-1924/04 OR DSN 226-1924/04. ASSIST CAN BE REACHED 24 HOURS PER DAY, COMMERCIAL PAGER {800} SKY-PAGE {800-759-7243}, PIN NUMBER 2133937. WHEN CALLING THE PAGER SERVICE, FOLLOW THE AUTOMATED VOICE INSTRUCTIONS AND ENTER THE CALL BACK NUMBER AFTER THE PROMPT. THE ASSIST DUTY OFFICER WILL CALL YOU BACK WITHIN 30 MINUTES. IF FASTER SERVICE IS REQUIRED, PREFIX YOUR TELEPHONE NUMBER WITH "999", AND THE ASSIST DUTY OFFICER WILL CALL BACK WITHIN 5 MINUTES. ASSIST CAN BE REACHED VIA E-MAIL AT "DOD-CERT{AT-SIGN}DDN-CONUS.DDN.MIL".

BT
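THE ACCESS POLICY PARAGRAPH 2 DESCRIBES (HONOUR A YPSET REQUEST ONLY FROM A SUPERUSER PORT ON THE LOCAL HOST) IS SHOWN BELOW AS AN ADDED ILLUSTRATION; THIS IS NOT HP'S YPBIND CODE. IT ASSUMES THE CLASSIC UNIX RULE THAT ONLY ROOT MAY BIND A PORT BELOW 1024, AND THE LIST OF "LOCAL" ADDRESSES IS A CONSTRUCTED PLACEHOLDER.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <string.h>
#include <sys/socket.h>

/* Ports below 1024 can only be bound by the superuser on a classic
 * UNIX host, so a reserved source port implies a root-owned sender. */
#ifndef IPPORT_RESERVED
#define IPPORT_RESERVED 1024
#endif

/* Addresses this daemon treats as "the local host": loopback plus the
 * host's own interface addresses. Constructed placeholder list. */
static const char *const LOCAL_ADDRS[] = { "127.0.0.1", "10.0.0.5" };

static bool is_local_address(const struct in_addr *a)
{
    for (size_t i = 0; i < sizeof LOCAL_ADDRS / sizeof LOCAL_ADDRS[0]; i++) {
        struct in_addr l;
        if (inet_pton(AF_INET, LOCAL_ADDRS[i], &l) == 1 && l.s_addr == a->s_addr)
            return true;
    }
    return false;
}

/* A YPSET request is honoured only if it comes from this host AND from a
 * reserved port. The first check stops a remote superuser's "ypset -h";
 * the second stops a local non-superuser program. */
bool ypset_request_allowed(const struct sockaddr_in *from)
{
    if (from == NULL || from->sin_family != AF_INET)
        return false;
    if (!is_local_address(&from->sin_addr))
        return false;                       /* not from the local host */
    if (ntohs(from->sin_port) >= IPPORT_RESERVED)
        return false;                       /* not a superuser port */
    return true;
}

/* Convenience wrapper: build the caller address from text and decide. */
bool ypset_allowed_from(const char *ip, unsigned short port)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1)
        return false;                       /* unparsable address: deny */
    return ypset_request_allowed(&sa);
}
```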