exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

e-23b.ciac-HP-Vue-3.0

e-23b.ciac-HP-Vue-3.0
Posted Sep 23, 1999

e-23b.ciac-HP-Vue-3.0

SHA-256 | 293db9d367ab5457d0a194babb1d2e6ad3387a753ff4e4a2449e9674321188f2

e-23b.ciac-HP-Vue-3.0

Change Mirror Download
               _____________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Capability
___ __ __ _ ___
/ | /_\ /
\___ __|__ / \ \___
_____________________________________________________

Information Bulletin

Vulnerability in HP-UX systems with HP Vue 3.0

May 18, 1994 1615 PDT Number E-23b
______________________________________________________________________________

PROBLEM: A Vulnerability exists in HP-UX systems with HP Vue 3.0.
PLATFORM: HP 9000 series 300/400/700/800 at HP-UX revision 9.x, with HP
Vue 3.0.
DAMAGE: Local users can raise their privileges to superuser (root) level.
SOLUTION: Apply appropriate patch for your system.
______________________________________________________________________________

VULNERABILITY CIAC recommends that all systems which have HP Vue 3.0 on their
ASSESSMENT: systems, whether in use or not, should install this patch.
______________________________________________________________________________

Critical Information about vulnerability in HP-UX systems with HP Vue 3.0

CIAC has received information regarding a vulnerability in HP9000 computers at
revision 9.x which contain HP Vue 3.0. This vulnerability can allow a local
user to obtain root access.

CIAC recommends that if you have Vue 3.0 on your system you apply the following
patch appropriate to your system. For an HP 9000 series 300/400 computer,
apply patch PHSS_4055; for an HP 9000 series 700/800 computer, apply patch
PHSS_4066.

Patches can be obtained in one of three methods:

1. Obtain the patch via E-mail from the HP SupportLine Mail Service. Send the
words, without quotes, "send PHSS_4055" (or "send PHSS_4066") in the TEXT
PORTION of a message addressed to support@support.mayfield.hp.com (no subject
line is required). The patch will be E-mailed back to you.

2. Download the patch from support.mayfield.hp.com. To do this, follow the
instructions in the document located on irbis.llnl.gov:
~/pub/ciac/ciacdoc/e-fy94/HPACCESS.TXT-how-to-download-HP-patches.

3. Contact your local HP Response Center. They will provide you with the patch.

The complete instructions for applying the patch are in the file
PHSS_40xx.text, supplied with the patch release. Checksums for the patch are
included with the release. After installing the patch, examine /tmp/update.log
for any relevant WARNING's or ERROR's. To accomplish this, from the shell
prompt type "tail -60 /tmp/update.log | more" and page through the screens via
the space bar, looking for WARNING or ERROR messages.

ATTENTION: This bulletin contains updated information received from
Hewlett-Packard after the electronic version was distributed. Patch PHSS_4066
supersedes PHSS_4038, and directions to download the patch have been included.
______________________________________________________________________________

CIAC would like to thank the CERT-NL for first alerting us to the existance of
this vulnerability and for technical information about this vulnerability, and
John Morris of Hewlett-Packard for patch information and availability.
______________________________________________________________________________

For additional information or assistance, please contact CIAC:
Voice: 510-422-8193
FAX: 510-423-8002
STU-III: 510-423-2604
E-mail: ciac@llnl.gov

CIAC has several self-subscribing mailing lists for electronic publications:

1. CIAC-BULLETIN for Advisories, highest priority - time critical information
and Bulletins, important computer security information;
2. CIAC-NOTES for Notes, a collection of computer security articles;
3. SPI-ANNOUNCE for official news about Security Profile Inspector (SPI)
software updates, new features, distribution and availability;
4. SPI-NOTES, an unmoderated forum for discussion of problems and solutions
regarding the use of SPI products.

Our mailing lists are managed by a public domain software package called
ListProcessor, which ignores E-mail header subject lines. To subscribe (add
yourself) to one of our mailing lists, send the following request as the
E-mail message body, substituting CIAC-BULLETIN, CIAC-NOTES, SPI-ANNOUNCE or
SPI-NOTES for "list-name" and valid information for "LastName" "FirstName" and
"PhoneNumber" when sending

E-mail to ciac-listproc@llnl.gov:
subscribe list-name LastName, FirstName PhoneNumber
e.g.: subscribe ciac-notes O'Hara, Scarlett 404-555-1212 x36

You will receive an acknowledgment containing address, initial PIN, and
information on how to change either of them, cancel your subscription, or get
help.
______________________________________________________________________________

PLEASE NOTE: Many users outside of the DOE and ESnet computing communities
receive CIAC bulletins. If you are not part of these communities, please
contact your agency's response team to report incidents. Your agency's team
will coordinate with CIAC. The Forum of Incident Response and Security Teams
(FIRST) is a world-wide organization. A list of FIRST member organizations
and their constituencies can be obtained by sending E-mail to
first-request@first.org with an empty subject line and a message body
containing the line: send first-contacts.

This document was prepared as an account of work sponsored by an agency of the
United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
expressed or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, product, or process
disclosed, or represents that its use would not infringe privately owned
rights. Reference herein to any specific commercial products, process, or
service by trade name, trademark manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation, or favoring by
the United States Government or the University of California. The views and
opinions of authors expressed herein do not necessarily state or reflect those
of the United States Government nor the University of California, and shall not
be used for advertising or product endorsement purposes.
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close