From support@us.external.hp.com Wed Mar 13 00:59:09 1996
Date: Wed, 13 Mar 1996 01:02:08 -0800
From: HPSL Mail Service <support@us.external.hp.com>
Reply to: support-feedback@us.external.hp.com
To: Damien Sorder <jericho@netcom.com>
Subject: RE: send doc HPSBUX9406-013
--------
## Regarding your request:
Send Doc HPSBUX9406-013
The following are the results of your request from the HP SupportLine mail
service.
===============================================================================
Document Id: [HPSBUX9406-013]
Date Loaded: [07-06-94]
Description: vhe_u_mnt allows unauthorized root access
===============================================================================
-----------------------------------------------------------------------
HEWLETT-PACKARD SECURITY BULLETIN: #00013, 21 June 94
REVISED: 5 July 94
-----------------------------------------------------------------------
--------------------------REVISION BEGINS------------------------------
REVISION: PHNE_4364 was originally recommended for s700_800.
PHNE_4364 did fix the security vulnerability; however
the PHNE_4364.text and PHNE_4364.catalog files did
not contain the proper 'sum' and 'what' strings.
A new patch, PHNE_4434, has been created that
contains the exact same files as PHNE_4364, EXCEPT
it now contains the correct 'sum' and 'what' strings.
If you have already installed PHNE_4364, you do
not need to install PHNE_4434, except to ensure that
the 'what' and 'sum' strings are correct.
---------------------------REVISION ENDS------------------------------
_______________________________________________________________________
PROBLEM:  /usr/etc/vhe/vhe_u_mnt allows unauthorized root access
PLATFORM: HP 9000 Series 300, 400, 700, 800 running HP-UX 8.x, 9.x
DAMAGE:   A user can gain superuser access on the system.
SOLUTION: Apply appropriate patches for either HP-UX 8.x or 9.x:
              s300_400    PHNE_4363
              s700_800    PHNE_4434
_______________________________________________________________________
I. /usr/etc/vhe/vhe_u_mnt
A. Nature of the Problem
A problem in vhe_u_mnt allows a user the ability to execute
commands as root. This problem is not obvious and requires
some expertise to exploit. This vulnerability does NOT allow
an outside intruder to gain access to the system; it does
allow an existing user to upgrade privileges to root.
B. Fixing the problem
The vulnerability can be eliminated by applying a patch.
Hewlett-Packard recommends that all customers concerned with the
security of their HP-UX systems apply the appropriate patch
as soon as possible.
C. How to Install the Patch
1. Determine which patch is appropriate for your hardware
platform and operating system:
       PLATFORM    OS          PATCH
       --------    --------    ----------
       300/400     HPUX 8.x    PHNE_4363
                   HPUX 9.x    PHNE_4363
       700/800     HPUX 8.x    PHNE_4434
                   HPUX 9.x    PHNE_4434
2. Get a copy of the patch from one of the following locations:
a. HP SupportLine Mail Service
To obtain the patch, send the following in the TEXT PORTION
OF THE MESSAGE to support@support.mayfield.hp.com
(no Subject is required):
send patch_name
for example:
send PHNE_4363
It will automatically be emailed back to you. Note that
users may also download the patch from HP SupportLine via
ftp, kermit, or uucp.
b. Response Center Support
If you need additional assistance and have a support
contract, you can contact your local Response Center for
further help.
3. Apply the patch to your HP-UX system.
a. Become superuser (or root).
b. Put the patch into /tmp.
c. At the shell prompt, type "sh /tmp/PHNE_4???"
d. At the shell prompt, for 9.x systems type
"/etc/update -s /tmp/PHNE_4???.updt \*"
Note: "???" refers to the last 3 digits of the appropriate
patch from the list in step 1.
4. Examine /tmp/update.log for any relevant WARNINGs or ERRORs.
This can be done as follows:
a. At the shell prompt, type
"tail -60 /tmp/update.log | more"
b. Page through the next three screens via the space bar,
looking for WARNING or ERROR messages.
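Step 4 as a script, for sites patching many hosts (an added example, not part of the HP bulletin). The function names are hypothetical, and the sample log lines are constructed; the real update.log wording may differ.

```shell
#!/bin/sh
# Added example: automate step 4 of the bulletin (review the tail of the
# update log for WARNING/ERROR lines) instead of paging through it by hand.

# flagged_lines LOGFILE [N]
# Print every line among the last N (default 60, as in the bulletin) that
# contains WARNING or ERROR, prefixed with its position within that tail.
# "tail -n 60" is the POSIX spelling of the bulletin's "tail -60".
flagged_lines() {
    tail -n "${2:-60}" "$1" | grep -n -E 'WARNING|ERROR'
}

# check_update_log LOGFILE [N]
# Exit status: 0 = nothing flagged, 1 = WARNING/ERROR present,
#              2 = log missing or unreadable (never treat that as clean).
check_update_log() {
    if [ ! -r "$1" ]; then
        echo "cannot read $1" >&2
        return 2
    fi
    if flagged_lines "$1" "${2:-60}"; then
        return 1
    fi
    return 0
}

# Constructed sample logs standing in for /tmp/update.log.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/clean.log" <<'EOF'
======= constructed sample: update session begins =======
NOTE: loading fileset from /tmp/PHNE_4434.updt
NOTE: update completed
EOF
cat > "$sample_dir/bad.log" <<'EOF'
======= constructed sample: update session begins =======
NOTE: loading fileset from /tmp/PHNE_4434.updt
WARNING: constructed example warning line
ERROR: constructed example error line
EOF

rc=0; check_update_log "$sample_dir/clean.log" || rc=$?
echo "clean.log -> exit $rc"
rc=0; check_update_log "$sample_dir/bad.log" || rc=$?
echo "bad.log -> exit $rc"
```

A non-zero exit lets a wrapper script stop and hold the host for manual review of the log.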
D. Consequences of Patch
This patch will not change the functionality or performance
of vhe.
-----------------------------------------------------------------------
To subscribe to automatically receive NEW future HP Security Bulletins
from the HP SupportLine mail service via electronic mail, send the
following in the TEXT PORTION OF THE MESSAGE to
support@support.mayfield.hp.com (no Subject is required):
subscribe security_info
To retrieve the index of all HP Security Bulletins, send the following:
send security_info_list
To obtain a copy of the HP SupportLine mail service user's guide,
send the following:
send guide.txt
For security concerns, write to:
security-alert@hp.com
-----------------------------------------------------------------------