Subject HP Aserver Date 01-Jan-2000
354f17770e368ce57ecef520cc687a565e433f1f41b63a2486fa5194539d7bb3
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===============================================================================
>> CERT-NL, 01-Mar-2000 <<
>> All CERT-NL information has been moved to http://cert.surfnet.nl. Links <<
>> to CERT-NL information contained in this advisory are therefore outdated. <<
>> <<
>> CERT-NL also has stopped the CERT-CC-Mirror service. Due to this the <<
>> links to the CERT-CC mirror are obsolete. Visit the CERT-CC site for the <<
>> complete CERT-CC advisory texts: http://www.cert.org <<
===============================================================================
===============================================================================
Security Advisory CERT-NL
===============================================================================
Author/Source : Teun Nijssen Index : S-00-01
Distribution : World Page : 1
Classification: External Version: 1
Subject : HP Aserver Date :01-Jan-2000
===============================================================================
By courtesy of HEWLETT-PACKARD COMPANY we received
information on a vulnerability in /opt/audio/bin/Aserver
CERT-NL recommends to disable the audio server and start the year, the century
and the millennium silently after all that firework.
-------------------------------------------------------------------------
HEWLETT-PACKARD COMPANY SECURITY ADVISORY: #00108, 01 Jan 2000
-------------------------------------------------------------------------
PROBLEM: /opt/audio/bin/Aserver can be used to gain root access.
PLATFORM: HP9000 Series 7/800 running HP-UX releases 10.X and 11.X
DAMAGE: Root access is possible.
SOLUTION: Until patches are available disable the Aserver (see below).
AVAILABILITY: This advisory will be updated when patches are available.
-------------------------------------------------------------------------
I.
A. Background
A procedure to use /opt/audio/bin/Aserver to gain root access
has been made public.
B. Recommended solution
Until a patch is available, the only two temporary fixes currently
available are to disable /opt/audio/bin/Aserver by removing the
file, or to remove execute permissions as follows.
As root remove functionality with:
chmod 400 /opt/audio/bin/Aserver
As an alternative, if it is absolutely necessary to run the Aserver,
it can be run - yet the system will be vulnerable while the Aserver
is starting.
Again as root:
chmod 6555 /opt/audio/bin/Aserver
[***Warning - /opt/audio/bin/Aserver is now vulnerable.***]
/opt/audio/bin/Aserver -f
[Wait for the parent and child processes to start.]
chmod 400 /opt/audio/bin/Aserver
[/opt/audio/bin/Aserver is now safe.]
===============================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet
is the Dutch network for educational, research and related institutes. CERT-NL
is a member of the Forum of Incident Response and Security Teams (FIRST).
All CERT-NL material is available under:
http://cert.surfnet.nl/
In case of computer or network security problems please contact your local
CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer
please address the appropriate (local) CERT/security-team).
CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).
Email: cert-nl@surfnet.nl ATTENDED REGULARLY ALL DAYS
Phone: +31 302 305 305 BUSINESS HOURS ONLY
Fax: +31 302 305 329 BUSINESS HOURS ONLY
Snailmail: SURFnet bv
Attn. CERT-NL
P.O. Box 19035
NL - 3501 DA UTRECHT
The Netherlands
NOODGEVALLEN: 06 22 92 35 64 ALTIJD BEREIKBAAR
EMERGENCIES : +31 6 22 92 35 64 ATTENDED AT ALL TIMES
CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED*
PROCEDURE FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT
TO CERT-NL IN AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU.
===============================================================================
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i
iQA/AwUBOMTOXTSYjBqwfc9jEQIlygCfRpY6y8kRd8TuLMk4Mg+UcA2OR/QAoKu2
2B1uZ+lvAnzwxAHknwyPpZaL
=IfHF
-----END PGP SIGNATURE-----