From support@us.external.hp.com Wed Mar 13 00:58:16 1996
Date: Wed, 13 Mar 1996 01:01:37 -0800
From: HPSL Mail Service <support@us.external.hp.com>
Reply to: support-feedback@us.external.hp.com
To: Damien Sorder <jericho@netcom.com>
Subject: RE: send doc HPSBUX9408-000

--------
## Regarding your request:
   Send Doc HPSBUX9408-000

The following are the results of your request from the HP SupportLine mail
service.

===============================================================================
Document Id: [HPSBUX9408-000]
Date Loaded: [10-13-94]

Description: Sum and MD5 sums of HP-UX Security Bulletins
===============================================================================

-------------------------------------------------------------------------
      HEWLETT-PACKARD SECURITY BULLETIN: #00000, 31 Aug 94
                  ******** ADVISORY ONLY ********
                      REVISED: 12 October 94
NOTE: 'sum' is now used in place of 'sum -p'
NOTE: Entries for bulletins 14, 16, and 17 have corrected md5 signatures
NOTE: Entry for bulletin 18 has been added
-------------------------------------------------------------------------

_______________________________________________________________________
CONTENT: Security bulletin check sums.
PLATFORM: All HP-UX systems.
_______________________________________________________________________

The following is the list of MD5 and sum(1) outputs for
security bulletins.  See Security Bulletin #16 (HPSBUX9408-016)
for information on the MD5 program.

The sums are calculated on the security bulletin:

1. starting with the line of dashes just before the
   "HEWLETT-PACKARD SECURITY BULLETIN" line

2. ending with and including the last non-blank line of the bulletin.

In the following example the lines enclosed with "[]" are
comments, not part of the bulletin.
For example:

[input for sum starts with the next line]
-----------------------------------------------------------------------
      HEWLETT-PACKARD SECURITY BULLETIN: #00001, 12 November 93
-----------------------------------------------------------------------

[ body of bulletin deleted ]

    to disable the ``prog'' mailer by modifying the sendmail configuration
    file is required.
[input for sum ends with the previous line]

The following scripts will calculate the sums and search for them
in this bulletin.  It assumes that this bulletin and the bulletin
to test are both in the current directory.  It also assumes that
md5 is installed an can be reached via $PATH.

Here is an example of verifying Security Bulletin #10:

   $ ./find_sums SB.10 SB.00
   md5 output    = EE62314AB203230F1B861C523A1CA326
   sum -p output = 3884879382 4531
   A sum in SB.00 matches SB.10

Here is an example of an altered copy of Security Bulletin #10:

   $ ./find_sums SB.10.bad SB.00
   ERROR: No sum in SB.00 matches SB.10.bad


----------------------
find_sums
----------------------
#!/bin/sh
bulletin_to_sum=$1
bulletin_with_sums=$2
./trim_bulletin $bulletin_to_sum temp$$
md5_sum=`md5 temp$$ | tr "[a-f]" "[A-F]" |  cut -d" " -f4`
grep $md5_sum $bulletin_with_sums
found=$?
if [ -x /bin/sum ]
then
  sum=`sum temp$$ | cut -d" " -f1,2`
  grep "$sum" $bulletin_with_sums
else
  echo "WARNING: No /bin/sum.  Using md5 outout only."
fi
if [ $found = 0 ]
then
  echo A sum in $bulletin_with_sums matches $bulletin_to_sum
else
  echo ERROR: No sum in $bulletin_with_sums matches $bulletin_to_sum
fi
rm temp$$

----------------------
trim_bulletin
----------------------
#!/bin/sh
last=`grep "[^ ]" $1 | tail -1`    # last non-blank line
last_number=`grep -n -e "$last" $1 | tail -1 | cut -d: -f1`
hp_line=`grep -n "HEWLETT.PACKARD SECURITY BULLETIN" $1 | head -1 \
   | cut -d: -f1`   # Bulletin title line number
#echo Last non-blank line = $last
#echo last_number = $last_number
#echo HP line = $hp_line
# Copy from the line before the title line up to and including
# the last non-blank line into $2
awk  -v hp_line=$hp_line -v last_number=$last_number -f trim.awk $1 >$2

----------------------
trim.awk
----------------------
{ n = n+ 1
  if( n>=hp_line-1 && n<=last_number) {
    print $0
  }
}


------
SUMS
------

Document Id: HPSBUX9311-001
Description: Security Vulnerability in Sendmail
-----------------------------------------------------------------------
      HEWLETT-PACKARD SECURITY BULLETIN: #00001, 12 November 93
-----------------------------------------------------------------------
md5 output    = 63F93670D04DAD17CF2C9FFFE6FA346E
sum output    = 58622 17

Document Id: HPSBUX9312-002
Description: Security Vulnerability in Xterm
-------------------------------------------------------------------------
      HEWLETT-PACKARD SECURITY BULLETIN: #00002, 30 November 93
                                         REVISED 01 December 93
-------------------------------------------------------------------------
md5 output    = 5A54B5688B5F9966CF819CCA4A67D74C
sum output    = 16950 11

Document Id: HPSBUX9402-003
Description: Security Vulnerability in Subnetconfig
-----------------------------------------------------------------------
      HEWLETT-PACKARD SECURITY BULLETIN: #00003, 7 February 94
-----------------------------------------------------------------------
md5 output    = 2BCD3EB6A412BD7E63CBFE8D64E494D0
sum output    = 48626 8

Document Id: HPSBUX9402-004
Description: Promiscuous mode network interfaces
-----------------------------------------------------------------------
      HEWLETT-PACKARD SECURITY BULLETIN: #00004, 10 February 94
-----------------------------------------------------------------------
md5 output    = 66DCCEA5B45A07C990B79154F37F1329
sum output    = 42026 20

Document Id: HPSBUX9402-005
Description: Security Vulnerability in Hpterm
-----------------------------------------------------------------------
**REVISED 01**HEWLETT-PACKARD SECURITY BULLETIN: #00005, 01 June 94
-----------------------------------------------------------------------
md5 output    = AA4E76656319353CE92697005D491162
sum output    = 56505 9

Document Id: HPSBUX9402-006
Description: Security Vulnerability in DCE/9000
-----------------------------------------------------------------------
      HEWLETT-PACKARD SECURITY BULLETIN: #00006, 24 February 1994
-----------------------------------------------------------------------
md5 output    = 990A91B091F23270DBABD70CA5217480
sum output    = 30116 6

Document Id: HPSBUX9404-007
Description: HP-UX does not have ftpd SITE EXEC vulnerability
-----------------------------------------------------------------------
        HEWLETT-PACKARD SECURITY BULLETIN: #00007, 22 April 94
                  ******** ADVISORY ONLY ********
-----------------------------------------------------------------------
md5 output    = 8BF80B9CBD20BAB26746C6518B590CDB
sum output    = 30539 6

Document Id: HPSBUX9404-008
Description: Security Vulnerability in Vue 3.0
-----------------------------------------------------------------------
      HEWLETT-PACKARD SECURITY BULLETIN: #00008, 19 April 1994
-----------------------------------------------------------------------
md5 output    = 6834A0BF6B9BDD1F3E88F097BD4CCF3E
sum output    = 20195 6

Document Id: HPSBUX9405-009
Description: PROBLEM:  Incomplete implementation of OSF/AES standard
---------------------------------------------------------------------------
      HEWLETT-PACKARD SECURITY BULLETIN: #00009, 05 May 1994
---------------------------------------------------------------------------
md5 output    = 6C7640EAF2F6BDE5DD553D0BB41B13A4
sum output    = 12463 8

Document Id: HPSBUX9405-010
Description: ftpd: SITE CHMOD / race condition vulnerability
-----------------------------------------------------------------------
        HEWLETT-PACKARD SECURITY BULLETIN: #00010, 4 May 94
                  ******** ADVISORY ONLY ********
-----------------------------------------------------------------------
md5 output    = EE62314AB203230F1B861C523A1CA326
sum output    = 39443 9

Document Id: HPSBUX9405-011
Description: Security Vulnerability in HP GlancePlus
-----------------------------------------------------------------------
      HEWLETT-PACKARD SECURITY BULLETIN: #00011, 04 May 94
-----------------------------------------------------------------------
md5 output    = 609F308EE3B2E410AE10A1DA6763F31B
sum output    = 8827 9

Document Id: HPSBUX9405-012
Description: Security vulnerability in Multimedia Sharedprint
-----------------------------------------------------------------------
      HEWLETT-PACKARD SECURITY BULLETIN: #00012, 04 May 1994
-----------------------------------------------------------------------
md5 output    = F71D359F0191C5522391B2E6DB32BE4E
sum output    = 59925 4

Document Id: HPSBUX9406-013
Description: vhe_u_mnt allows unauthorized root access
-----------------------------------------------------------------------
      HEWLETT-PACKARD SECURITY BULLETIN: #00013, 21 June 94
                         REVISED: 5 July 94
-----------------------------------------------------------------------
md5 output    = DAD958ED9FAD354528F2C163F9134FD9
sum output    = 22840 10

Document Id: HPSBUX9406-014
Description: Patch file permissions vulnerability
-----------------------------------------------------------------------------
           HEWLETT PACKARD SECURITY BULLETIN: #00014, 05 July 1994
-----------------------------------------------------------------------------
md5 output    = A5DB41ABB168BE7D6B0EF5056F84ACE4
sum output    = 14019 12

Document Id: HPSBUX9407-015
Description: Xauthority problem
-------------------------------------------------------------------------
      HEWLETT-PACKARD SECURITY BULLETIN: #00015, 13 July 94
-------------------------------------------------------------------------
md5 output    = EDE2D6E67C898102A36AC9DD6C91B2AC
sum output    = 49783 7

Document Id: HPSBUX9408-016
Description: Patch sums and the MD5 program
-------------------------------------------------------------------------
      HEWLETT-PACKARD SECURITY BULLETIN: #00016, 29 August 94
                ******** ADVISORY ONLY ********
-------------------------------------------------------------------------
md5 output    = 4FA8B654ECC47D7176477063C4D26548
sum output    = 16450 69

Document Id: HPSBUX9409-017
Description: Security Vulnerability in CORE-DIAG fileset
-------------------------------------------------------------------------
      HEWLETT-PACKARD SECURITY BULLETIN: #00017, 21 September 94
-------------------------------------------------------------------------
md5 output    = A7461B67E9DC101A17DF4A792DAA2F60
sum output    = 20041 13

Document Id: HPSBUX9410-018
Description: Security Vulnerability in xwcreate/gwind
-------------------------------------------------------------------------
      HEWLETT-PACKARD SECURITY BULLETIN: #00018, 12 October 94
-------------------------------------------------------------------------
md5 output    = 9A4E23D314AA4F3000B51191454E2CD2
sum output    = 63872 9
-----------
END OF SUMS
-----------
-----------------------------------------------------------------------
To subscribe to automatically receive NEW future HP Security Bulletins
from the HP SupportLine mail service via electronic mail, send the
following in the TEXT PORTION OF THE MESSAGE to
support@support.mayfield.hp.com (no Subject is required):

   subscribe security_info

To retrieve the index of all HP Security Bulletins, send the following:

   send security_info_list

To obtain a copy of the HP SupportLine mail service user's guide,
send the following:

   send guide.txt


For security concerns, write to:

        security-alert@hp.com

###########################################################################