S-00-01.htm
06d3510cefcebf4fd49f0a1aa7d0ec4c01ee0fb8ff53eb451c672a4b42743f6b
<html>
<head>
<meta name="GENERATOR" content="Microsoft FrontPage 3.0">
<title>CERT-NL S-00-01</title>
</head>
<body link="#009966" vlink="#006041">
<div align="left">
<table border="0" width="100%" cellspacing="0">
<tr>
<td colspan="3" bgcolor="#009966" width="760"><blockquote>
<p><font face="Arial"><strong><big>Security Advisory</big></strong></font></p>
</blockquote>
</td>
<td colspan="2" align="right" bgcolor="#009966" width="103"><img src="../../hs-kader-logo.gif" alt="hs-kader-logo.gif (586 bytes)" WIDTH="100" HEIGHT="41"></td>
<td align="center" bgcolor="#009966" colspan="2" width="95"><strong><font face="Arial">CERT-NL</font></strong></td>
</tr>
<tr>
<td width="115" bgcolor="#99CC99">Author/Source</td>
<td width="6" bgcolor="#99CC99">:</td>
<td width="100%">Teun Nijssen</td>
<td width="96" bgcolor="#99CC99">Index</td>
<td colspan="2" width="6" bgcolor="#99CC99">:</td>
<td align="right" width="90">S-00-01</td>
</tr>
<tr>
<td width="115" bgcolor="#99CC99">Distribution</td>
<td width="6" bgcolor="#99CC99">:</td>
<td width="627">World</td>
<td width="96" bgcolor="#99CC99">Page</td>
<td colspan="2" width="6" bgcolor="#99CC99">:</td>
<td align="right" width="90">1</td>
</tr>
<tr>
<td width="115" bgcolor="#99CC99">Classification</td>
<td width="6" bgcolor="#99CC99">:</td>
<td width="627">External</td>
<td width="96" bgcolor="#99CC99">Version</td>
<td colspan="2" width="6" bgcolor="#99CC99">:</td>
<td align="right" width="90">1</td>
</tr>
<tr>
<td width="115" bgcolor="#99CC99" valign="top">Subject</td>
<td width="6" bgcolor="#99CC99" valign="top">:</td>
<td width="627" bgcolor="#d4d4d4"><strong><font size="3">HP Aserver</font></strong></td>
<td width="96" bgcolor="#99CC99" valign="top">Date</td>
<td colspan="2" width="6" bgcolor="#99CC99" valign="top">:</td>
<td align="right" width="90" bgcolor="#D4D4D4" valign="top">01-Jan-2000</td>
</tr>
</table>
</div>
<p>By courtesy of HEWLETT-PACKARD COMPANY we received information on a vulnerability in
/opt/audio/bin/Aserver CERT-NL recommends to disable the audio server and start the year,
the century and the millennium silently after all that firework.</p>
<hr size="1">
<p>HEWLETT-PACKARD COMPANY SECURITY ADVISORY: #00108, 01 Jan 2000</p>
<hr size="1">
<p>PROBLEM: /opt/audio/bin/Aserver can be used to gain root access.</p>
<p>PLATFORM: HP9000 Series 7/800 running HP-UX releases 10.X and 11.X</p>
<p>DAMAGE: Root access is possible.</p>
<p>SOLUTION: Until patches are available disable the Aserver (see below).</p>
<p>AVAILABILITY: This advisory will be updated when patches are available.</p>
<hr size="1">
<p>I.</p>
<blockquote>
<ol type="A">
<li>Background<br>
A procedure to use /opt/audio/bin/Aserver to gain root access has been made public.</li>
<li>Recommended solution<br>
Until a patch is available, the only two temporary fixes currently available are to
disable /opt/audio/bin/Aserver by removing the file, or to remove execute permissions as
follows.<br>
<br>
As root remove functionality with:<br>
<br>
chmod 400 /opt/audio/bin/Aserver<br>
<br>
As an alternative, if it is absolutely necessary to run the Aserver, it can be run - yet
the system will be vulnerable while the Aserver is starting.<br>
Again as root:</li>
</ol>
<blockquote>
<blockquote>
<p>chmod 6555 /opt/audio/bin/Aserver</p>
<p>[***Warning - /opt/audio/bin/Aserver is now vulnerable.***]</p>
<p>/opt/audio/bin/Aserver -f</p>
<p>[Wait for the parent and child processes to start.]</p>
<p>chmod 400 /opt/audio/bin/Aserver</p>
<p>[/opt/audio/bin/Aserver is now safe.]<font FACE="Courier New" SIZE="2"></p>
</blockquote>
</blockquote>
</blockquote>
</font>
<hr>
<p><font color="#006041"><strong>CERT-NL</strong> </font>is the Computer Emergency
Response Team for SURFnet customers. SURFnet is the Dutch network for educational,
research and related institutes. <strong><font color="#006041">CERT-NL</font></strong> is
a member of the Forum of Incident Response and Security Teams (<a href="http://www.first.org">FIRST</a>).</p>
<p>All <strong><font color="#006041">CERT-NL</font></strong> material is available under:<br>
<a href="http://cert.surfnet.nl/">http://cert.surfnet.nl/</a></p>
<p>In case of computer or network security problems please contact your local
CERT/security-team or<font color="#006041"> <strong>CERT-NL</strong></font> (if your
institute is NOT a SURFnet customer please address the appropriate (local)
CERT/security-team).</p>
<p><strong><font color="#006041">CERT-NL</font></strong> is one/two hour(s) ahead of UTC
(GMT) in winter/summer,<br>
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).</p>
<div align="left">
<table border="0" width="80%" bgcolor="#DCDCDC" cellspacing="0" height="192">
<tr>
<td valign="top" height="24">Email:</td>
<td height="24"><a href="mailto:cert-nl@surfnet.nl">cert-nl@surfnet.nl</a></td>
<td height="24">ATTENDED REGULARLY ALL DAYS</td>
</tr>
<tr>
<td valign="top" height="24">Phone:</td>
<td height="24">+31 302 305 305</td>
<td height="24">BUSINESS HOURS ONLY</td>
</tr>
<tr>
<td valign="top" height="24">Fax: </td>
<td height="24">+31 302 305 329 </td>
<td height="24">BUSINESS HOURS ONLY</td>
</tr>
<tr>
<td valign="top" height="112">Snailmail:</td>
<td height="112">SURFnet bv<br>
Attn. CERT-NL<br>
P.O. Box 19035<br>
NL - 3501 DA UTRECHT<br>
The Netherlands</td>
<td height="112">.</td>
</tr>
</table>
</div>
<p>NOODGEVALLEN: 06 22 92 35 64 ALTIJD
BEREIKBAAR<br>
EMERGENCIES : +31 6 22 92 35 64 ATTENDED AT ALL TIMES<br>
CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:<br>
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED* PROCEDURE FOR DEALING
WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT TO CERT-NL IN AN APPROPRIATE MANNER.
CERT-NL WILL THEN CONTACT YOU.</p>
<hr>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr align="left" valign="top">
<td><img src="../../hs-c-1999.gif" alt="copyright
SURFnet 1999" WIDTH="100" HEIGHT="19"><a href="mailto:redactie@SURFnet.nl"><br>
<img src="../../hs-email-red.gif" border="0" alt="email
naar redactie@SURFnet.nl" WIDTH="100" HEIGHT="26"></a></td>
<td width="100%" bgcolor="#C0C0C0"><table border="0" cellspacing="0" cellpadding="0" width="100%">
<tr align="left" valign="top">
<td><img src="../../n-route.gif" border="0" alt="<-" WIDTH="19" HEIGHT="20"></td>
<td width="100%" valign="middle"><font face="Geneva, Arial" size="1"><a href="http://www.surfnet.nl/home.html" target="_top">Homepage</a> | <a href="http://www.surfnet.nl/diensten/">Diensten </a>| <a href="http://www.surfnet.nl/diensten/beveiliging/">Beveiliging</a> | <a href="http://www.surfnet.nl/diensten/beveiliging/cert" target="_top">CERT-NL home</a>|:</font></td>
</tr>
<tr align="left" valign="top">
<td colspan="2"><img src="/images/n-verlooplijn.gif" width="142" height="5" border="0" alt="-------------------"></td>
</tr>
<tr align="left" valign="top">
<td><a href="#top"><img src="../../n-top.gif" border="0" alt="<-" WIDTH="19" HEIGHT="20"></a></td>
<td width="100%" valign="middle"><font face="Geneva,
Arial" size="1"><a href="#top">Naar
begin van deze pagina</a></font></td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>