From support@us.external.hp.com Wed Mar 13 00:52:12 1996
Date: Wed, 13 Mar 1996 01:00:43 -0800
From: HPSL Mail Service <support@us.external.hp.com>
Reply to: support-feedback@us.external.hp.com
To: Damien Sorder <jericho@netcom.com>
Subject: RE: send doc HPSBUX9502-024

--------
## Regarding your request:
   Send Doc HPSBUX9502-024

The following are the results of your request from the HP SupportLine mail
service.

===============================================================================
Document Id: [HPSBUX9502-024]
Date Loaded: [03-08-95]

Description: /usr/lib/sendmail has two security vulnerabilities
===============================================================================

-------------------------------------------------------------------------
      HEWLETT-PACKARD SECURITY BULLETIN: #00024, 22 Feb 95
                  *** REVISED: 7 Mar 95 ***
-------------------------------------------------------------------------

The information in the following Security Bulletin should be acted upon as
soon as possible. Hewlett- Packard will not be liable for any consequences
to any customer resulting from customer's failure to fully implement
instructions in this Security Bulletin as soon as possible.

_______________________________________________________________________
PROBLEM:  /usr/lib/sendmail has two security vulnerabilities
PLATFORM: HP 9000 series 300/400s and 700/800s 8.x and 9.x
DAMAGE:   The vulnerabilities allow users to modify any file.
SOLUTION: Apply patch PHNE_5264 (series 700/800, HP-UX 9.x), or
                      PHNE_5263 (series 700/800, HP-UX 8.x), or
                      PHNE_5260 (series 300/400, HP-UX 9.0), or
                      PHNE_5259 (series 300/400, HP-UX 8.x)

AVAILABILITY: All patches are available now.
_______________________________________________________________________


I. Vulnerability in /usr/lib/sendmail

   A. Recent CERT advisory on sendmail

   A recent CERT advisory (CERT CA-95:05) described a vulnerability
   in /usr/lib/sendmail that would allow any existing user on a system
   to modify any file on the system.  This vulnerability does not
   allow users without a local login to gain access to the system.
   (Queue file problem.)

   A previous CERT advisory (CERT CA-94:12) also described a
   vulnerability in sendmail which allows local users to gain
   access to any file on the system.   (-d debug problem)

   It has been found that all currently supported HP-UX systems have
   these two vulnerabilities.

   Another vulnerability mentioned in the CERT CA-95:05 advisory,
   the IDENT problem, is not a problem in any version of HP-UX sendmail.

   B. Fixing the problems

   The two vulnerabilities can be eliminated from releases 8.x and 9.x of
   HP-UX by applying a patch.

   Hewlett-Packard recommends that all customers concerned with the
   security of their HP-UX systems apply the appropriate patch as
   soon as possible.

   C. How to Install the Patch (for HP-UX 8.x and 9.x)

   1.  Determine which patch is appropriate for your hardware platform
       and operating system:

         PHNE_5264 (series 700/800, HP-UX 9.x),
         PHNE_5263 (series 700/800, HP-UX 8.x),
         PHNE_5260 (series 300/400, HP-UX 9.0),
         PHNE_5259 (series 300/400, HP-UX 8.x)

   2.  Hewlett Packard's HP-UX patches are available via email
        and World Wide Web

        To obtain a copy of the HP SupportLine email service user's guide,
        send the following in the TEXT PORTION OF THE MESSAGE to
        support@support.mayfield.hp.com (no Subject is required):

                      send guide

        The users guide explains the process for downloading HP-UX patches
        via email and other services available.

        World Wide Web service for downloading of patches
        is available via our URL:
        (http://support.mayfield.hp.com)


   3.  Apply the patch to your HP-UX system.

   4.  Examine /tmp/update.log for any relevant WARNINGs or ERRORs.  This
       can be done as follows:

       a.  At the shell prompt, type "tail -60 /tmp/update.log | more"
       b.  Page through the next three screens via the space bar, looking
           for WARNING or ERROR messages.


    D. Impact of the patch and workaround

    The patch for HP-UX releases 8.x and 9.x provides a new version of
    /usr/lib/sendmail which fixes the vulnerability.  No patches will be
    available for versions of HP-UX prior to 8.0.


    E. To subscribe to automatically receive future NEW HP Security
        Bulletins from the HP SupportLine mail service via electronic
        mail, send an email message to:

      support@support.mayfield.hp.com   (no Subject is required)

        Multiple instructions are allowed in the TEXT PORTION OF THE
        MESSAGE, here are some basic instructions you may want to use:

        To add your name to the subscription list for new security
        bulletins, send the following in the TEXT PORTION OF THE MESSAGE:

                  subscribe security_info

        To retrieve the index of all HP Security Bulletins issued to date,
        send the following in the TEXT PORTION OF THE MESSAGE:

                  send security_info_list

        World Wide Web service for browsing of bulletins
        is available via our URL:
        (http://support.mayfield.hp.com)

        Choose "Support news", then under Support news,
        choose "Security Bulletins"

    F. To report new security vulnerabilities, send email to

          security-alert@hp.com

_______________________________________________________________________