-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===============================================================================
>>                                                      CERT-NL, 01-Mar-2000 <<
>> All CERT-NL information has been moved to http://cert.surfnet.nl.  Links  <<
>> to CERT-NL information contained in this advisory are therefore outdated. <<
>>                                                                           <<
>> CERT-NL also has stopped the CERT-CC-Mirror service.  Due to this the     <<
>> links to the CERT-CC mirror are obsolete. Visit the CERT-CC site for the  <<
>> complete CERT-CC advisory texts:                     http://www.cert.org  <<
===============================================================================
===============================================================================
Security Advisory                                                       CERT-NL
===============================================================================
Author/Source : CERT-NL (Rene Ritzen)                       Index  :    S-94-13
Distribution  : World                                       Page   :          1
Classification: External                                    Version:      Final
Subject       : Vulnerability in HP/UX /etc/subnetconfig    Date   :  17-May-94
===============================================================================

CERT-NL received information on a vulnerability in HP/UX /etc/subnetconfig.

All honours to Hewlett-Packard as provider of the following information

===============================================================================
- -----------------------------------------------------------------------
      HEWLETT-PACKARD SECURITY BULLETIN: #00003, 7 February 94
- -----------------------------------------------------------------------

_______________________________________________________________________
PROBLEM:  Security vulnerability in /etc/subnetconfig
PLATFORM: HP 9000 Series 300, 400, 700, 800 running HP-UX 9.0/9.01
DAMAGE:   An existing user can increase access privileges.
SOLUTION: Apply patch PHNE_3563 (series 300/400, HP-UX 9.0), or
          PHNE_3564 (series 700/800, HP-UX 9.0/9.01 ONLY)
AVAILABILITY: Monday, 7 Feb 94
_______________________________________________________________________


I. /etc/subnetconfig


   A. Problem

   A vulnerability exists in certain versions of subnetconfig
   that allow existing users on a system to increase their
   privileges.  These versions of subnetconfig exist on HP-UX
   versions 9.0 and 9.01.  They do not exist in prior versions
   of HP-UX or in versions subsequent to the above (9.03, etc.)
   The vulnerability is a result of an access permissions
   problem.


   B. Fixing the problem

   The vulnerability can be eliminated by applying a patch.
   Hewlett-Packard recommends that all customers concerned with the
   security of their HP-UX systems apply the appropriate patch
   as soon as possible.


   C. How to Install the Patch

   1.  Determine which patch is appropriate for your hardware
       platform and operating system:

       PHNE_3563 -- Series 300/400, HP-UX 9.0
       PHNE_3564 -- Series 700/800, HP-UX 9.0/9.01

   2.  Get a copy of the patch from one of the following locations:

       a. HP SupportLine Mail Service

       To obtain the patch, send the following in the TEXT PORTION
       OF THE MESSAGE to support@support.mayfield.hp.com
       (no Subject is required):

     send patch_name

       for example:

                send PHNE_35nn

       It will automatically be emailed back to you.  Note that
       users may also download the patch from HP SupportLine via
       ftp, kermit, or uucp.


       b. Response Center Support

       If you need additional assistance and have a support
       contract, you can contact your local Response Center for
       further help.


   3.  Apply the patch to your HP-UX system.

       a. Become superuser (or root).
       b. Put the patch into /tmp.
       c. At the shell prompt, type "sh /tmp/PHNE_35nn"
       d. At the shell prompt, for 9.x systems type
   "/etc/update -s /tmp/PHNE_35nn.updt \*"

       Note: "nn" refers to the last two digits of the appropriate
       patch from the list in step 1.

   4.  Examine /tmp/update.log for any relevant WARNINGs or ERRORs.
       This can be done as follows:

       a.  At the shell prompt, type
               "tail -60 /tmp/update.log | more"
       b.  Page through the next three screens via the space bar,
           looking for WARNING or ERROR messages.

   D. Consequences of Patch

   As a result of applying this patch and closing the security
   hole, /etc/subnetconfig will no longer be executable by non-root
   users.  This is consistent with the intended use of this program;
   it is intended for system administrators.

- -----------------------------------------------------------------------
To subscribe to automatically receive NEW future HP Security Bulletins
from the HP SupportLine mail service via electronic mail, send the
following in the TEXT PORTION OF THE MESSAGE to
support@support.mayfield.hp.com (no Subject is required):

   subscribe security_info

To retrieve the index of all HP Security Bulletins, send the following:

   send security_info_list

To obtain a copy of the HP SupportLine mail service user's guide,
send the following:

   send guide.txt


For security concerns, write to:

 security-alert@hp.com

- -----------------------------------------------------------------------
==============================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet
is the Dutch network for educational, research and related institutes. CERT-NL
is a member of the Forum of Incident Response and Security Teams (FIRST).

All CERT-NL material is available under:
  http://cert.surfnet.nl/

In case of computer or network security problems please contact your local
CERT/security-team or CERT-NL  (if your institute is NOT a SURFnet customer
please address the appropriate (local) CERT/security-team).

CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).

   Email:     cert-nl@surfnet.nl     ATTENDED REGULARLY ALL DAYS
   Phone:     +31 302 305 305        BUSINESS HOURS ONLY
   Fax:       +31 302 305 329        BUSINESS HOURS ONLY
   Snailmail: SURFnet bv
              Attn. CERT-NL
              P.O. Box 19035
              NL - 3501 DA  UTRECHT
              The Netherlands

NOODGEVALLEN:    06 22 92 35 64      ALTIJD BEREIKBAAR
EMERGENCIES : +31 6 22 92 35 64      ATTENDED AT ALL TIMES
CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED*
PROCEDURE FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT
TO CERT-NL IN AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU.
===============================================================================

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i

iQA/AwUBOL6WFDSYjBqwfc9jEQLFDwCeI+jHFK2TNuHeBGmy1BpqtCFMuooAnikE
HSA9JX7jFXfvyvbrePKpdNyT
=9LeL
-----END PGP SIGNATURE-----