From support@us.external.hp.com Wed Mar 13 01:01:34 1996 Date: Wed, 13 Mar 1996 01:09:30 -0800 From: HPSL Mail Service Reply to: support-feedback@us.external.hp.com To: Damien Sorder Subject: RE: send doc HPSBUX9402-003 -------- ## Regarding your request: Send Doc HPSBUX9402-003 The following are the results of your request from the HP SupportLine mail service. =============================================================================== Document Id: [HPSBUX9402-003] Date Loaded: [02-09-94] Description: Security Vulnerability in Subnetconfig =============================================================================== ----------------------------------------------------------------------- HEWLETT-PACKARD SECURITY BULLETIN: #00003, 7 February 94 ----------------------------------------------------------------------- _______________________________________________________________________ PROBLEM: Security vulnerability in /etc/subnetconfig PLATFORM: HP 9000 Series 300, 400, 700, 800 running HP-UX 9.0/9.01 DAMAGE: An existing user can increase access privileges. SOLUTION: Apply patch PHNE_3563 (series 300/400, HP-UX 9.0), or PHNE_3564 (series 700/800, HP-UX 9.0/9.01 ONLY) AVAILABILITY: Monday, 7 Feb 94 _______________________________________________________________________ I. /etc/subnetconfig A. Problem A vulnerability exists in certain versions of subnetconfig that allow existing users on a system to increase their privileges. These versions of subnetconfig exist on HP-UX versions 9.0 and 9.01. They do not exist in prior versions of HP-UX or in versions subsequent to the above (9.03, etc.) The vulnerability is a result of an access permissions problem. B. Fixing the problem The vulnerability can be eliminated by applying a patch. Hewlett-Packard recommends that all customers concerned with the security of their HP-UX systems apply the appropriate patch as soon as possible. C. How to Install the Patch 1. Determine which patch is appropriate for your hardware platform and operating system: PHNE_3563 -- Series 300/400, HP-UX 9.0 PHNE_3564 -- Series 700/800, HP-UX 9.0/9.01 2. Get a copy of the patch from one of the following locations: a. HP SupportLine Mail Service To obtain the patch, send the following in the TEXT PORTION OF THE MESSAGE to support@support.mayfield.hp.com (no Subject is required): send patch_name for example: send PHNE_35nn It will automatically be emailed back to you. Note that users may also download the patch from HP SupportLine via ftp, kermit, or uucp. b. Response Center Support If you need additional assistance and have a support contract, you can contact your local Response Center for further help. 3. Apply the patch to your HP-UX system. a. Become superuser (or root). b. Put the patch into /tmp. c. At the shell prompt, type "sh /tmp/PHNE_35nn" d. At the shell prompt, for 9.x systems type "/etc/update -s /tmp/PHNE_35nn.updt \*" Note: "nn" refers to the last two digits of the appropriate patch from the list in step 1. 4. Examine /tmp/update.log for any relevant WARNINGs or ERRORs. This can be done as follows: a. At the shell prompt, type "tail -60 /tmp/update.log | more" b. Page through the next three screens via the space bar, looking for WARNING or ERROR messages. D. Consequences of Patch As a result of applying this patch and closing the security hole, /etc/subnetconfig will no longer be executable by non-root users. This is consistent with the intended use of this program; it is intended for system administrators. ----------------------------------------------------------------------- To subscribe to automatically receive NEW future HP Security Bulletins from the HP SupportLine mail service via electronic mail, send the following in the TEXT PORTION OF THE MESSAGE to support@support.mayfield.hp.com (no Subject is required): subscribe security_info To retrieve the index of all HP Security Bulletins, send the following: send security_info_list To obtain a copy of the HP SupportLine mail service user's guide, send the following: send guide.txt For security concerns, write to: security-alert@hp.com -----------------------------------------------------------------------