exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New


Posted Sep 23, 1999


SHA-256 | dbad1ccfe1346fefc641d0b5263f23bd9d2d5003d17ff7379ddcf4b474c27e20


Change Mirror Download
From support@us.external.hp.com Wed Mar 13 01:01:34 1996
Date: Wed, 13 Mar 1996 01:09:30 -0800
From: HPSL Mail Service <support@us.external.hp.com>
Reply to: support-feedback@us.external.hp.com
To: Damien Sorder <jericho@netcom.com>
Subject: RE: send doc HPSBUX9402-003

## Regarding your request:
Send Doc HPSBUX9402-003

The following are the results of your request from the HP SupportLine mail

Document Id: [HPSBUX9402-003]
Date Loaded: [02-09-94]

Description: Security Vulnerability in Subnetconfig


PROBLEM: Security vulnerability in /etc/subnetconfig
PLATFORM: HP 9000 Series 300, 400, 700, 800 running HP-UX 9.0/9.01
DAMAGE: An existing user can increase access privileges.
SOLUTION: Apply patch PHNE_3563 (series 300/400, HP-UX 9.0), or
PHNE_3564 (series 700/800, HP-UX 9.0/9.01 ONLY)
AVAILABILITY: Monday, 7 Feb 94

I. /etc/subnetconfig

A. Problem

A vulnerability exists in certain versions of subnetconfig
that allow existing users on a system to increase their
privileges. These versions of subnetconfig exist on HP-UX
versions 9.0 and 9.01. They do not exist in prior versions
of HP-UX or in versions subsequent to the above (9.03, etc.)
The vulnerability is a result of an access permissions

B. Fixing the problem

The vulnerability can be eliminated by applying a patch.
Hewlett-Packard recommends that all customers concerned with the
security of their HP-UX systems apply the appropriate patch
as soon as possible.

C. How to Install the Patch

1. Determine which patch is appropriate for your hardware
platform and operating system:

PHNE_3563 -- Series 300/400, HP-UX 9.0
PHNE_3564 -- Series 700/800, HP-UX 9.0/9.01

2. Get a copy of the patch from one of the following locations:

a. HP SupportLine Mail Service

To obtain the patch, send the following in the TEXT PORTION
OF THE MESSAGE to support@support.mayfield.hp.com
(no Subject is required):

send patch_name

for example:

send PHNE_35nn

It will automatically be emailed back to you. Note that
users may also download the patch from HP SupportLine via
ftp, kermit, or uucp.

b. Response Center Support

If you need additional assistance and have a support
contract, you can contact your local Response Center for
further help.

3. Apply the patch to your HP-UX system.

a. Become superuser (or root).
b. Put the patch into /tmp.
c. At the shell prompt, type "sh /tmp/PHNE_35nn"
d. At the shell prompt, for 9.x systems type
"/etc/update -s /tmp/PHNE_35nn.updt \*"

Note: "nn" refers to the last two digits of the appropriate
patch from the list in step 1.

4. Examine /tmp/update.log for any relevant WARNINGs or ERRORs.
This can be done as follows:

a. At the shell prompt, type
"tail -60 /tmp/update.log | more"
b. Page through the next three screens via the space bar,
looking for WARNING or ERROR messages.

D. Consequences of Patch

As a result of applying this patch and closing the security
hole, /etc/subnetconfig will no longer be executable by non-root
users. This is consistent with the intended use of this program;
it is intended for system administrators.

To subscribe to automatically receive NEW future HP Security Bulletins
from the HP SupportLine mail service via electronic mail, send the
following in the TEXT PORTION OF THE MESSAGE to
support@support.mayfield.hp.com (no Subject is required):

subscribe security_info

To retrieve the index of all HP Security Bulletins, send the following:

send security_info_list

To obtain a copy of the HP SupportLine mail service user's guide,
send the following:

send guide.txt

For security concerns, write to:


Login or Register to add favorites

File Archive:

September 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    2 Files
  • 2
    Sep 2nd
    21 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    17 Files
  • 5
    Sep 5th
    34 Files
  • 6
    Sep 6th
    29 Files
  • 7
    Sep 7th
    11 Files
  • 8
    Sep 8th
    25 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    26 Files
  • 12
    Sep 12th
    23 Files
  • 13
    Sep 13th
    17 Files
  • 14
    Sep 14th
    22 Files
  • 15
    Sep 15th
    16 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    19 Files
  • 19
    Sep 19th
    60 Files
  • 20
    Sep 20th
    23 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    8 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By