From support@us.external.hp.com Wed Mar 13 01:01:19 1996 Date: Wed, 13 Mar 1996 01:09:12 -0800 From: HPSL Mail Service Reply to: support-feedback@us.external.hp.com To: Damien Sorder Subject: RE: send doc HPSBUX9402-006 -------- ## Regarding your request: Send Doc HPSBUX9402-006 The following are the results of your request from the HP SupportLine mail service. =============================================================================== Document Id: [HPSBUX9402-006] Date Loaded: [02-25-94] Description: Security Vulnerability in DCE/9000 =============================================================================== ########################################################################### ----------------------------------------------------------------------- HEWLETT-PACKARD SECURITY BULLETIN: #00006, 24 February 1994 ----------------------------------------------------------------------- _______________________________________________________________________ PROBLEM: Security vulnerability in HP-UX systems running HP DCE/9000 PLATFORM: HP 9000 series 700 and 800 at HP-UX revision 9.X DAMAGE: Unauthorized root access SOLUTION: Apply patch PHSS_3820 to system _______________________________________________________________________ I. HP DCE/9000 Camera Update A. Fixing the problem The problem can be eliminated by applying a patch that corrects the HP Camera component of HP DCE/9000. The patch is applicable to all the versions of HP DCE/9000 to date (i.e. HP DCE Developers' Environment and HP DCE/9000 versions 1.1 and 1.2) B. How to Install the Patch 1. Get a copy of the patch from one of the following locations: a. HP SupportLine Mail Service To obtain the patch, send the following in the TEXT PORTION OF THE MESSAGE to support@support.mayfield.hp.com (no Subject is required): send PHSS_3820 It will automatically be emailed back to you. Note that users may also download the patch from HP SupportLine via ftp, kermit, or uucp. b. Response Center Support If you need additional assistance and have a support contract, you can contact your local Response Center for further help. 2. The patch information is current as of February 24, 1994. You should list the patch: more PHSS_3820 If it has been replaced there will be banner text saying: OBSOLETE REPLACED BY PHSS_NNNN 3. Apply the patch to your HP-UX system. The complete instructions for applying the patch are in PHSS_3820.text. 4. Examine /tmp/update.log for any relevant WARNINGs or ERRORs. This can be done as follows: a. At the shell prompt, type "tail -60 /tmp/update.log | more" b. Page through the next three screens via the space bar, looking for WARNING or ERROR messages. ----------------------------------------------------------------------- To subscribe to automatically receive NEW future HP Security Bulletins from the HP SupportLine mail service via electronic mail, send the following in the TEXT PORTION OF THE MESSAGE to support@support.mayfield.hp.com (no Subject is required): subscribe security_info To retrieve the index of all HP Security Bulletins, send the following: send security_info_list To obtain a copy of the HP SupportLine mail service user's guide, send the following: send guide.txt For security concerns, write to: security-alert@hp.com ###########################################################################