From support@us.external.hp.com Wed Mar 13 00:59:09 1996 Date: Wed, 13 Mar 1996 01:02:08 -0800 From: HPSL Mail Service Reply to: support-feedback@us.external.hp.com To: Damien Sorder Subject: RE: send doc HPSBUX9406-013 -------- ## Regarding your request: Send Doc HPSBUX9406-013 The following are the results of your request from the HP SupportLine mail service. =============================================================================== Document Id: [HPSBUX9406-013] Date Loaded: [07-06-94] Description: vhe_u_mnt allows unauthorized root access =============================================================================== ----------------------------------------------------------------------- HEWLETT-PACKARD SECURITY BULLETIN: #00013, 21 June 94 REVISED: 5 July 94 ----------------------------------------------------------------------- --------------------------REVISION BEGINS------------------------------ REVISION: PHNE_4364 was originally recommended for s700_800. PHNE_4364 did fix the security vulnerability; however the PHNE_4364.text and PHNE_4364.catalog files did not contain the proper 'sum' and 'what' strings. A new patch, PHNE_4434, has been created that contains the exact same files as PHNE_4364, EXCEPT it now contains the correct 'sum' and 'what' strings. If you have already installed PHNE_4364, you do not need to install PHNE_4434, except to insure that the 'what' and 'sum' strings are correct. ---------------------------REVISION ENDS------------------------------ _______________________________________________________________________ PROBLEM: /usr/etc/vhe/vhe_u_mnt allows unauthorized root access PLATFORM: HP 9000 Series 300, 400, 700, 800 running HP-UX 8.x, 9.x DAMAGE: A user can gain superuser access on the system. SOLUTION: Apply appropriate patches for either HP-UX 8.x or 9.x: s300_400 PHNE_4363 s700_800 PHNE_4434 _______________________________________________________________________ I. /usr/etc/vhe/vhe_u_mnt A. Nature of the Problem A problem in vhe_u_mnt allows a user the ability to execute commands as root. This problem is not obvious and requires some expertise to exploit. This vulnerability does NOT allow an outside intruder to gain access to the system; it does allow an existing user to upgrade privileges to root. B. Fixing the problem The vulnerability can be eliminated by applying a patch. Hewlett-Packard recommends that all customers concerned with the security of their HP-UX systems apply the appropriate patch as soon as possible. C. How to Install the Patch 1. Determine which patch is appropriate for your hardware platform and operating system: PLATFORM OS PATCH -------- -------- ---------- 300/400 HPUX 8.x PHNE_4363 HPUX 9.x PHNE_4363 700/800 HPUX 8.x PHNE_4434 HPUX 9.x PHNE_4434 2. Get a copy of the patch from one of the following locations: a. HP SupportLine Mail Service To obtain the patch, send the following in the TEXT PORTION OF THE MESSAGE to support@support.mayfield.hp.com (no Subject is required): send patch_name for example: send PHNE_4363 It will automatically be emailed back to you. Note that users may also download the patch from HP SupportLine via ftp, kermit, or uucp. b. Response Center Support If you need additional assistance and have a support contract, you can contact your local Response Center for further help. 3. Apply the patch to your HP-UX system. a. Become superuser (or root). b. Put the patch into /tmp. c. At the shell prompt, type "sh /tmp/PHNE_4???" d. At the shell prompt, for 9.x systems type "/etc/update -s /tmp/PHNE_4???.updt \*" Note: "???" refers to the last 3 digits of the appropriate patch from the list in step 1. 4. Examine /tmp/update.log for any relevant WARNINGs or ERRORs. This can be done as follows: a. At the shell prompt, type "tail -60 /tmp/update.log | more" b. Page through the next three screens via the space bar, looking for WARNING or ERROR messages. D. Consequences of Patch This patch will not change the functionality or performance of vhe. ----------------------------------------------------------------------- To subscribe to automatically receive NEW future HP Security Bulletins from the HP SupportLine mail service via electronic mail, send the following in the TEXT PORTION OF THE MESSAGE to support@support.mayfield.hp.com (no Subject is required): subscribe security_info To retrieve the index of all HP Security Bulletins, send the following: send security_info_list To obtain a copy of the HP SupportLine mail service user's guide, send the following: send guide.txt For security concerns, write to: security-alert@hp.com -----------------------------------------------------------------------