[291] in Best-of-Security

BoS: HP Security Bulletins Digest (fwd)

daemon@ATHENA.MIT.EDU (Darren Reed)
Sun Aug 3 12:58:56 1997

From: Darren Reed <avalon@coombs.anu.edu.au>
Date: Fri, 1 Aug 1997 09:46:35 +1000 (EST)
Errors-To: best-of-security-request@cyber.com.au
To: best-of-security@cyber.com.au
Resent-From: best-of-security@cyber.com.au


In some mail from Aleph One, sie said:
> From owner-bugtraq@NETSPACE.ORG Fri Aug  1 04:29:22 EST 1997
> Approved-By: aleph1@UNDERGROUND.ORG
> Mime-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> Date: 	Thu, 31 Jul 1997 12:11:26 -0500
> Reply-To: Aleph One <aleph1@DFW.NET>
> Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
> From: Aleph One <aleph1@DFW.NET>
> Subject:      HP Security Bulletins Digest
> To: BUGTRAQ@NETSPACE.ORG
> 
>                         HP Support Information Digests
> 
> ===============================================================================
> o  HP Electronic Support Center World Wide Web Service
>    ---------------------------------------------------
> 
>    If you subscribed through the HP Electronic Support Center and would
>    like to be REMOVED from this mailing list, access the
>    HP Electronic Support Center on the World Wide Web at:
> 
>      http://us-support.external.hp.com
> 
>    Enter the Support Information Digests service as a registered user,
>    using your HP Electronic Support Center User ID and Password to login.
>    You may then unsubscribe from the appropriate digest.
> ===============================================================================
> 
> 
> Digest Name:  Daily Security Bulletins Digest
>     Created:  Wed Jul 30 17:08:34 PDT 1997
> 
> Table of Contents:
> 
> Document ID      Title
> ---------------  -----------
> HPSBUX9611-041   Vulnerability with Large UID's and GID's in HP-UX 10.20
> HPSBUX9707-067   Buffer overflows in X11/Motif libraries
> HPSBUX9707-068   Security Vulnerability in Novell Netware 3.12 on HP-UX
> 
> The documents are listed below.
> -------------------------------------------------------------------------------
> 
> 
> Document ID:  HPSBUX9611-041
> Date Loaded:  970730
>       Title:  Vulnerability with Large UID's and GID's in HP-UX 10.20
> 
> -------------------------------------------------------------------------
> **REVISED 02**HEWLETT-PACKARD SECURITY BULLETIN: #00041, 20 January 1997
> Last Revised: 29 July 1997
> -------------------------------------------------------------------------
> 
>  The information in the following Security Bulletin should be acted upon
>  as soon as possible.  Hewlett Packard will not be liable for any
>  consequences to any customer resulting from customer's failure to fully
>  implement instructions in this Security Bulletin as soon as possible.
> 
> -------------------------------------------------------------------------
> 
> PROBLEM:  Use of user or group id's greater than 60000
> 
> PLATFORM: HP 9000 series 700/800 systems running version 10.20
> 
> DAMAGE:   Increase in capability and unauthorized access
> 
> SOLUTION: **REVISED 01**
>           Install PHSS_9343, PHNE_9377, and PHNE_9504.  Then examine
>           the system for suid files that may not be safe for a large
>           uid/gid system.  Any such files must be certified by their
>           providers as safe for use in large uid/gid system.
>           **REVISED 02**
>           Apply patch PHSS_11309. PHSS_9799, which superseded
>           PHSS_9343, inadvertently omitted the fix.
>           Do not use PHSS_9799; it is now unavailable.
>           Both PHSS_9343 and PHSS_9799 have been superseded by
>           PHSS_11309, which does have the fix.
> 
> AVAILABILITY: PHSS_9343, PHNE_9377, PHNE_9504 and PHSS_11309 are
>               available now.
> 
> CHANGE SUMMARY: **REVISED 02**
>           One of the patches needed, PHSS_9343 (hpterm) was
>           superseded by a patch that omitted the fix, PHSS_9799.
>           Do not use PHSS_9799.  It has been superseded by PHSS_11309.
> 
>           PHSS_9343 has also been superseded by PHSS_11309.  You can
>           continue to use PHSS_9343.  However, PHSS_11309 has additional
>           defect fixes and you may want to install it.
> 
>           NOTE: You still need to install PHNE_9377 and PHNE_9504 or
>           subsequent.  You also need to examine the system for suid
>           files that may not be safe for a large uid/gid system.
> -------------------------------------------------------------------------
> 
> I.
>    A. Background
>       Large user and group id's are new features of HP-UX revision 10.20.
>       Requirements for a program to work in a large uid/gid system are
>       detailed in the 10.20 Release Notes.  In particular the uid or gid
>       must not be stored in a short int.  Doing so in a suid program
>       can result in an increase in capability, including root access.
> 
>       The suid files in the following filesets have been examined and
>       are free of the security vulnerability (after installing the
>       patches listed above).  This only implies that the files are free
>       from the vulnerability.  It does not necessarily mean that the
>       programs in that fileset will work properly in a large uid/gid
>       system.
> 
>          100VG-RUN, AB-NET, AB-RUN, AB-SUPPORT, ACCOUNTNG, AGRM, ASU,
>          AUDIO-SRV, CDE-DTTERM, CDE-RUN, CMDS-AUX, CMDS-MIN,
>          DCE-CORE-RUN, DDX-FREEDOM, DVC-SRV, DVC-SRV, EDITORS,
>          FAX-SER-CMN, FCEISA-RUN, FCHSC-RUN, FDDI6-RUN, FTAM, GLANCE,
>          GLANCE, GPM, HPNP-RUN, HPNP-RUN, HPPAK, HPPB100BT-RUN,
>          INETSVCS-RUN, LAN-RUN, LMU, LP-SPOOL, LVM-RUN, LVM-RUN,
>          MAILERS, MAPCHAN-CMD, MCSE-CORE, MPOWER-CLIENT, NET-RUN,
>          NFS-CLIENT, NIS-CLIENT, OM-ADM, OM-BB, OM-CCMOB, OM-CORE,
>          OM-DESK, OM-DSYNC, OM-FAX, OM-LC, OM-NOTES, OM-P7,
>          OM-PMOVER, OM-RC, OM-SMS, OM-SNOOP, OM-UNIX, OM-X400,
>          OMNI-CORE, OTS-RUN, OVNNM-RUN, PHIGS-RUN, PHIGS-RUN,
>          PR-INFORMIX, PRM-RUN, RUPDATE, SAM, SCAN-CFG, SD-CMDS,
>          SLIP-RUN, SNAP-COMMON, SNAP-RJE, SNAP2-CORE, SNAP2-RJE,
>          STAR-RUN, SYS-ADMIN, SYSCOM, TERM-MNGR-MIN, TOKEN1-RUN,
>          TOKEN2-RUN, TOKEN3-RUN, UPG-ANALYSIS, UUCP, UX-CORE,
>          VUE-RUN, WTNETSCAPE2-RU, X11-RUN-CL, X11-RUN-CTRB, X400-RUN
> 
>       Note: The fact that a fileset is missing from the list above
>       does not mean it is suspect.  It may mean the fileset contains
>       no suid files.  The script below can be used to identify suid
>       files that are not contained in known safe filesets.
> 
> 
>    B. Fixing the problem
> 
>       Install the patches listed above and examine all suid files.
>       The following script will identify suspect suid files.
>       The provider of any suspect file should be contacted to confirm
>       that the program is safe for use in a large uid/gid system.
> 
>       Note:  The script was tested on a system with one file system.
>       If you have a different configuration (nfs mounted file systems,
>       for example), you may want to modify the find(1) command.
> 
>       Note:  Some suid files may be listed under the fileset of
>       a patch as well as under the primary fileset.  In that case:
> 
>         1. Use swlist to find all the instances of each file.
> 
>            For example:
> 
>             # swlist -l file | grep vueaction
>             PHSS_8537.PHSS_8537: /usr/vue/bin/vueaction
>             VUE.VUE-MAN: /usr/share/man/man1.Z/vueaction.1
>             VUE.VUE-RUN: /usr/vue/bin/vueaction
>             # swlist -l file | grep vuehello
>             ...
> 
> 
>         2. Verify that the primary (non-patch) fileset is on the
>            list of large uid/gid safe filesets.  In this case
>            VUE-RUN is on the list.
> 
>         3. Add the patch fileset (PHSS_8537 in this example) to the
>            list of safe filesets in the script below.  For example:
> 
>               -e PHSS_8537: \
> 
> 
>    C. Recommended solution
> 
> #!/bin/sh
> echo "###############################################################"
> echo "#                                                             #"
> echo "#  Finds suid files that are suspect in a large uid/gid       #"
> echo "#  system.  Those would be any suid file not in one           #"
> echo "#  of the following filesets:                                 #"
> echo "#                                                             #"
> echo "#100VG-RUN, AB-NET, AB-RUN, AB-SUPPORT, ACCOUNTNG, AGRM, ASU, #"
> echo "#AUDIO-SRV, CDE-DTTERM, CDE-RUN, CMDS-AUX, CMDS-MIN,          #"
> echo "#DCE-CORE-RUN, DDX-FREEDOM, DVC-SRV, DVC-SRV, EDITORS,        #"
> echo "#FAX-SER-CMN, FCEISA-RUN, FCHSC-RUN, FDDI6-RUN, FTAM, GLANCE, #"
> echo "#GLANCE, GPM, HPNP-RUN, HPNP-RUN, HPPAK, HPPB100BT-RUN,       #"
> echo "#INETSVCS-RUN, LAN-RUN, LMU, LP-SPOOL, LVM-RUN, LVM-RUN,      #"
> echo "#MAILERS, MAPCHAN-CMD, MCSE-CORE, MPOWER-CLIENT, NET-RUN,     #"
> echo "#NFS-CLIENT, NIS-CLIENT, OM-ADM, OM-BB, OM-CCMOB, OM-CORE,    #"
> echo "#OM-DESK, OM-DSYNC, OM-FAX, OM-LC, OM-NOTES, OM-P7,           #"
> echo "#OM-PMOVER, OM-RC, OM-SMS, OM-SNOOP, OM-UNIX, OM-X400,        #"
> echo "#OMNI-CORE, OTS-RUN, OVNNM-RUN, PHIGS-RUN, PHIGS-RUN,         #"
> echo "#PR-INFORMIX, PRM-RUN, RUPDATE, SAM, SCAN-CFG, SD-CMDS,       #"
> echo "#SLIP-RUN, SNAP-COMMON, SNAP-RJE, SNAP2-CORE, SNAP2-RJE,      #"
> echo "#STAR-RUN, SYS-ADMIN, SYSCOM, TERM-MNGR-MIN, TOKEN1-RUN,      #"
> echo "#TOKEN2-RUN, TOKEN3-RUN, UPG-ANALYSIS, UUCP, UX-CORE,         #"
> echo "#VUE-RUN, WTNETSCAPE2-RU, X11-RUN-CL, X11-RUN-CTRB, X400-RUN  #"
> echo "#                                                             #"
> echo "# Note:  This assumes that the patches listed in              #"
> echo "#        HP Security Bulletin 41 are installed.               #"
> echo "#                                                             #"
> echo "# As you qualify other suid files you may want to             #"
> echo "# modify this script.                                         #"
> echo "#                                                             #"
> echo "###############################################################"
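> td=/tmp/suid_temp
> # Create the work directory privately and stop if the path already
> # exists (remove a directory left by an earlier run first), so output
> # is never written into a /tmp directory made by another user.
> umask 077
> mkdir $td || exit 1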
> ##########################################################
> # find all suid files
> ##########################################################
> echo find all suid files:
> echo "find / -type f -perm -u+s -print >$td/suid_files"
> find / -type f -perm -u+s -print >$td/suid_files
> 
> ##########################################################
> # list all files in all installed filesets
> ##########################################################
> echo list all files in all installed filesets:
> echo "swlist -l file >$td/swlist.file"
> swlist -l file >$td/swlist.file
> 
> ##########################################################
> # extract the suid files from the list all files
> # in all installed filesets
> ##########################################################
> echo find suspect suid files
> grep -Ff $td/suid_files $td/swlist.file > $td/swlist.suid
> 
> ##########################################################
> # make a list of all the filesets containing suid files
> ##########################################################
> awk '{print $1}' $td/swlist.suid | cut -f 2 -d\. \
>    | sort -u >$td/suid_filesets
> 
> ##########################################################
> # remove from the list all the filesets known to be
> # large uid/gid safe
> ##########################################################
> 
> grep -ve 100VG-RUN:  -e AB-NET:  -e AB-RUN:  -e AB-SUPPORT: \
> -e ACCOUNTNG:  -e AGRM:  -e ASU:  -e AUDIO-SRV:  -e CDE-DTTERM: \
> -e CDE-RUN:  -e CMDS-AUX:  -e CMDS-MIN:  -e DCE-CORE-RUN: \
> -e DDX-FREEDOM:  -e DVC-SRV:  -e DVC-SRV:  -e EDITORS: \
> -e FAX-SER-CMN:  -e FCEISA-RUN:  -e FCHSC-RUN:  -e FDDI6-RUN: \
> -e FTAM:  -e GLANCE:  -e GLANCE:  -e GPM:  -e HPNP-RUN: \
> -e HPNP-RUN:  -e HPPAK:  -e HPPB100BT-RUN:  -e INETSVCS-RUN: \
> -e LAN-RUN:  -e LMU:  -e LP-SPOOL:  -e LVM-RUN:  -e LVM-RUN: \
> -e MAILERS:  -e MAPCHAN-CMD:  -e MCSE-CORE: \
> -e MPOWER-CLIENT:  -e NET-RUN:  -e NFS-CLIENT:  -e NIS-CLIENT: \
> -e OM-ADM:  -e OM-BB:  -e OM-CCMOB:  -e OM-CORE: \
> -e OM-DESK:  -e OM-DSYNC:  -e OM-FAX:  -e OM-LC:  -e OM-NOTES: \
> -e OM-P7:  -e OM-PMOVER:  -e OM-RC:  -e OM-SMS: \
> -e OM-SNOOP:  -e OM-UNIX:  -e OM-X400:  -e OMNI-CORE: \
> -e OTS-RUN:  -e OVNNM-RUN:  -e PHIGS-RUN:  -e PHIGS-RUN: \
> -e PR-INFORMIX:  -e PRM-RUN:  -e RUPDATE:  -e SAM: \
> -e SCAN-CFG:  -e SD-CMDS:  -e SLIP-RUN:  -e SNAP-COMMON: \
> -e SNAP-RJE:  -e SNAP2-CORE:  -e SNAP2-RJE:  -e STAR-RUN: \
> -e SYS-ADMIN:  -e SYSCOM:  -e TERM-MNGR-MIN:  -e TOKEN1-RUN: -e UUCP: \
> -e TOKEN2-RUN:  -e TOKEN3-RUN:  -e UPG-ANALYSIS: \
> -e UX-CORE:  -e VUE-RUN:  -e WTNETSCAPE2-RU:  -e X11-RUN-CL: \
> -e X11-RUN-CTRB:  -e X400-RUN: \
> $td/suid_filesets >$td/suid_suspect_filesets
> 
> ##########################################################
> # make a list of all the files in the suspect filesets
> ##########################################################
> grep -Ff $td/suid_suspect_filesets $td/swlist.file \
>   >$td/suid_suspect_filesets_files
> 
> ##########################################################
> # extract just the suid files from the suspect filesets
> ##########################################################
> 
> echo "The following suid files are suspect in a large uid/gid system:" \
>      >$td/suid_suspect_files
> echo "Fileset:       File">>$td/suid_suspect_files
> echo "-------------------------------------------" >>$td/suid_suspect_files
> # append, so the header lines written above are kept
> grep -Ff $td/suid_files $td/suid_suspect_filesets_files \
>   >>$td/suid_suspect_files
> 
> ##########################################################
> # suid files that are not in filesets are suspect
> ##########################################################
> for i in `cat $td/suid_files`
> do
>   count=`grep -cF "$i" $td/swlist.file`
>   if [ $count -eq 0 ]
>   then
>     echo "not_in_a_fileset: $i" >>$td/suid_suspect_files
>   fi
> done
> 
> cat $td/suid_suspect_files
> echo "The list of suspect suid files is in $td/suid_suspect_files"
> exit
> ##################### end ###########################################
> 
>    D. Impact of the patch
>    Installs large uid/gid safe programs.
> 
>    E.  To subscribe to automatically receive future NEW HP
>    Security Bulletins from the HP SupportLine Digest service via
>    electronic mail, do the following:
> 
>        1)  From your Web browser, access the URL:
> 
>        http://us-support.external.hp.com (US,Canada, Asia-Pacific,
>        and Latin-America)
> 
>        http://europe-support.external.hp.com  (Europe)
> 
>        2)  On the HP Electronic Support Center main screen, select
>        the hyperlink "Support Information Digests".
> 
>        3)  On the "Welcome to HP's Support Information Digests" screen,
>        under the heading "Register Now", select the appropriate
>        hyperlink "Americas and Asia-Pacific", or "Europe".
> 
>        4)  On the "New User Registration" screen, fill in the fields
>        for the User Information and Password and then select the
>        button labeled "Submit New User".
> 
>        5)  On the "User ID Assigned" screen, select the hyperlink
>        "Support Information Digests".
> 
>        **Note what your assigned user ID and password are for future
>          reference.
> 
>        6)  You should now be on the "HP Support Information Digests
>        Main" screen.  You might want to verify that your email address
>        is correct as displayed on the screen.  From this screen, you
>        may also view/subscribe to the digests, including the security
>        bulletins digest.
> 
>        To get a patch matrix of current HP-UX and BLS security
>        patches referenced by either Security Bulletin or Platform/OS,
>        click on the following screens in order:
> 
>          Technical Knowledge Database
>          Browse Security Bulletins
>          Security Bulletins Archive
>          HP-UX Security Patch Matrix
> 
> 
>    F. To report new security vulnerabilities, send email to
> 
>            security-alert@hp.com
> 
>        Please encrypt any exploit information using the security-alert
>        PGP key, available from your local key server, or by sending a
>        message with a -subject- (not body) of 'get key' (no quotes) to
>        security-alert@hp.com.
> 
> 
>       Permission is granted for copying and circulating this Bulletin to
>       Hewlett-Packard (HP) customers (or the Internet community) for the
>       purpose of alerting them to problems, if and only if, the Bulletin
>       is not edited or changed in any way, is attributed to HP, and
>       provided such reproduction and/or distribution is performed for
>       non-commercial purposes.
> 
>       Any other use of this information is prohibited. HP is not liable
>       for any misuse of this information by any third party.
> ________________________________________________________________________
> -----End of Document ID:  HPSBUX9611-041--------------------------------------
> 
> 
> Document ID:  HPSBUX9707-067
> Date Loaded:  970730
>       Title:  Buffer overflows in X11/Motif libraries
> 
> -------------------------------------------------------------------------
>          HEWLETT-PACKARD SECURITY BULLETIN: #00067, 30 July 1997
> -------------------------------------------------------------------------
> 
>  The information in the following Security Bulletin should be acted upon
>  as soon as possible.  Hewlett Packard will not be liable for any
>  consequences to any customer resulting from customer's failure to fully
>  implement instructions in this Security Bulletin as soon as possible.
> 
> -------------------------------------------------------------------------
> PROBLEM:  Buffer overflows in X11/Motif libraries.
> 
> PLATFORM: HP9000 Series 700/800 running releases 9.X and 10.X
> 
> DAMAGE:   Suid/sgid programs linked with X11/Motif libraries can
>           be exploited to increase privileges.
> 
> SOLUTION: Install the patches listed below.  Any programs that are
>           linked archived with any previous versions of the X11/Motif
>           libraries must be relinked with the libraries in the patches.
> 
> AVAILABILITY:  The patches are available now.
> -------------------------------------------------------------------------
> I.
>    A. Background - Several buffer overflow conditions have been
>                    identified.  These have been present in all
>                    previous versions of the X11/Motif libraries.
> 
>    B. Fixing the problem - Install the applicable patches:
> 
>       PHSS_11626         9.X X11R5/Motif1.2  Runtime
>       PHSS_11627         9.X X11R5/Motif1.2  Development
> 
>       PHSS_11043       10.0X X11R5/Motif1.2  Runtime (also for 10.10)
>       PHSS_11044       10.0X X11R5/Motif1.2  Development
> 
>       PHSS_11043       10.10 X11R5/Motif1.2  Runtime (also for 10.0X)
>       PHSS_11045       10.10 X11R5/Motif1.2  Development
> 
>       PHSS_11628       10.20 X11R5/Motif1.2  Runtime
>       PHSS_11629       10.20 X11R5/Motif1.2  Development
> 
>       PHSS_11628       10.20 X11R6/Motif1.2  Runtime
>       PHSS_11630       10.20 X11R6/Motif1.2  Development
> 
>       PHSS_9858          9.X VUE 3.0
> 
>       PHSS_9804        10.01 VUE 3.0
> 
>       PHSS_9805        10.10/10.20 VUE 3.0
> 
>       PHSS_11373         9.X JSE A.B9.40
> 
>       Then relink any suid/sgid programs that use X11 or Motif archived
>       libraries.
> 
>    C. Recommended solution - Install the applicable patches and
>       relink archived suid/sgid programs.
> 
>    D. Impact of the patch - The fixes are in the X11/Motif patches.
>       The VUE and JSE patches make use of the libraries in the
>       X11/Motif patches.
> 
>    E. To subscribe to automatically receive future NEW HP Security
>       Bulletins from the HP Electronic Support Center via electronic
>       mail, do the following:
> 
>       Use your browser to get to the HP Electronic Support Center page
>       at:
> 
>       http://us-support.external.hp.com
>       (for US, Canada, Asia-Pacific, & Latin-America)
> 
>       http://europe-support.external.hp.com
>       (for Europe)
> 
>       Click on the Technical Knowledge Database, register as a user
>       (remember to save the User ID assigned to you, and your password),
>       and it will connect to a HP Search Technical Knowledge DB page.
>       Near the bottom is a hyperlink to our Security Bulletin archive.
>       Once in the archive there is another link to our current
>       security patch matrix. Updated daily, this matrix is categorized
>       by platform/OS release, and by bulletin topic.
> 
>    F. To report new security vulnerabilities, send email to
> 
>           security-alert@hp.com
> 
>       Please encrypt any exploit information using the security-alert
>       PGP key, available from your local key server, or by sending a
>       message with a -subject- (not body) of 'get key' (no quotes) to
>       security-alert@hp.com.
> 
>      Permission is granted for copying and circulating this Bulletin to
>      Hewlett-Packard (HP) customers (or the Internet community) for the
>      purpose of alerting them to problems, if and only if, the Bulletin
>      is not edited or changed in any way, is attributed to HP, and
>      provided such reproduction and/or distribution is performed for
>      non-commercial purposes.
> 
>      Any other use of this information is prohibited. HP is not liable
>      for any misuse of this information by any third party.
> ________________________________________________________________________
> -----End of Document ID:  HPSBUX9707-067--------------------------------------
> 
> 
> Document ID:  HPSBUX9707-068
> Date Loaded:  970730
>       Title:  Security Vulnerability in Novell Netware 3.12 on HP-UX
> 
> -------------------------------------------------------------------------
>          HEWLETT-PACKARD SECURITY BULLETIN: #00068, 30 July 1997
> -------------------------------------------------------------------------
> 
>  The information in the following Security Bulletin should be acted upon
>  as soon as possible.  Hewlett Packard will not be liable for any
>  consequences to any customer resulting from customer's failure to fully
>  implement instructions in this Security Bulletin as soon as possible.
> 
> -------------------------------------------------------------------------
> 
> PROBLEM:  Novell Netware 3.12 release B.10.08 or earlier, and B.09.05 or
>           earlier allows unauthorized users to read files.
> 
> PLATFORM: HP 9000 Series 700/800s running only specific releases of HP-UX
>           9.X and 10.X. See below.
> 
> DAMAGE:   Allows users unauthorized file read access.
> 
> SOLUTION: Apply the following patches as needed:
>                  PHNE_11684 for HP-UX release 9.04, or
>                  PHNE_11341 for HP-UX release 10.01, and
>                  PHNE_11722 for HP-UX release 10.01, or
>                  PHNE_11723 for HP-UX release 10.10, or
>                  PHNE_11724 for HP-UX release 10.20.
> 
> AVAILABILITY: All patches are available now.
> -------------------------------------------------------------------------
> I.
>    A. Background
>       Hewlett-Packard Company has discovered a defect in the Novell
>       Netware 3.12 product running on HP-UX.  This defect is seen on
>       both 9.04 and 10.X operating systems, and allows users to read
>       files from an unauthorized PC.  Native Netware is exempt from
>       this defect.
> 
>       NOTE: The product in question only runs on HP-UX releases 9.04,
>             10.01, 10.10, or 10.20.
> 
>    B. Fixing the problem
>       For HP-UX 9.04 users, simply obtain Netware release B.09.08.002
>       to be used as a full product replacement.  This is the patch
>       PHNE_11684.  Installation will require rebooting the server.
> 
>       For 10.01 users, before continuing to use Netware, first obtain
>       PHNE_10341 (the full product replacement patch B.10.08) and then
>       apply patch PHNE_11722 (B.10.08.002).  PHNE_11722 will not
>       install unless PHNE_10341 has been previously installed.
> 
>       For HP-UX 10.10 and 10.20 update to the Netware B.10.08 release
>       from the latest application release CD, DART32 or newer.
>       Then install the appropriate patch (see above).
> 
>    C. Recommended solution
>       The patch is a cumulative patch and fully fixes the
>       discovered vulnerability.
> 
>    D. To subscribe to automatically receive future NEW HP Security
>       Bulletins from the HP SupportLine Digest service via electronic
>       mail, do the following:
> 
>       1)  From your Web browser, access the URL:
> 
>           http://us-support.external.hp.com
>           (for US,Canada, Asia-Pacific, and Latin-America)
> 
>           http://europe-support.external.hp.com  (for Europe)
> 
>       2)  On the HP Electronic Support Center main screen, select
>           the hyperlink "Support Information Digests".
> 
>       3)  On the "Welcome to HP's Support Information Digests" screen,
>           under the heading "Register Now", select the appropriate
>           hyperlink "Americas and Asia-Pacific", or "Europe".
> 
>       4)  On the "New User Registration" screen, fill in the fields for
>           the User Information and Password and then select the button
>           labeled "Submit New User".
> 
>       5)  On the "User ID Assigned" screen, select the hyperlink
> 
>           "Support Information Digests".
> 
>           ** Note what your assigned user ID and password are for
>             future reference.
> 
>       6)  You should now be on the "HP Support Information Digests Main"
>           screen.  You might want to verify that your email address is
>           correct as displayed on the screen.  From this screen, you may
>           also view/subscribe to the digests, including the security
>           bulletins digest.
> 
>       To get a patch matrix of current HP-UX and BLS security patches
>       referenced by either Security Bulletin or Platform/OS, click on
>       the following screens in order:
>          Technical Knowledge Database
>          Browse Security Bulletins
>          Security Bulletins Archive
>          HP-UX Security Patch Matrix
> 
>    E. To report new security vulnerabilities, send email to
> 
>           security-alert@hp.com
> 
>       Please encrypt any exploit information using the security-alert
>       PGP key, available from your local key server, or by sending a
>       message with a -subject- (not body) of 'get key' (no quotes) to
>       security-alert@hp.com.
> 
>    Permission is granted for copying and circulating this Bulletin to
>    Hewlett-Packard (HP) customers (or the Internet community) for the
>    purpose of alerting them to problems, if and only if, the Bulletin is
>    not edited or changed in any way, is attributed to HP, and provided
>    such reproduction and/or distribution is performed for non-commercial
>    purposes.
> 
>    Any other use of this information is prohibited.  HP is not liable
>    for any misuse of this information by any third party.
> _______________________________________________________________________
> -----End of Document ID:  HPSBUX9707-068--------------------------------------
> 
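
The Background section of HPSBUX9611-041 says a uid or gid must not be stored in a short int. The following C program is an added illustration, not part of the HP bulletin or of the forwarded message: it shows how ids narrow to 16 bits, the full-width and range-checked alternatives, and an audit helper that reports which account a large id would be mistaken for. The account names and ids are constructed for the example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample accounts; names and ids are illustrative only. */
struct account { const char *name; long uid; };

static const struct account sample_accounts[] = {
    { "root",     0     },
    { "alice",    1001  },
    { "batch",    60001 },  /* just above the bulletin's 60000 threshold */
    { "contract", 65536 },  /* 0x10000: low 16 bits are all zero        */
    { "vendor",   66537 },  /* 0x103E9: low 16 bits equal 1001          */
};
#define N_ACCOUNTS (sizeof sample_accounts / sizeof sample_accounts[0])

/* Legacy pattern: the id is kept in a 16-bit variable, so only the low
 * 16 bits survive.  uint16_t is used so the wrap is well defined. */
uint16_t legacy_store_uid(long uid) { return (uint16_t)uid; }

/* Unsafe privilege test: decides on the narrowed copy. */
int legacy_is_root(long uid) { return legacy_store_uid(uid) == 0; }

/* Correct test: compares the full-width id. */
int safe_is_root(long uid) { return uid == 0; }

/* A signed short loses the value even earlier, above SHRT_MAX. */
int fits_signed_short(long uid) { return uid >= 0 && uid <= SHRT_MAX; }

/* Checked narrowing for code that must keep a 16-bit field: refuse
 * ids that do not fit rather than letting them wrap. */
int checked_narrow_uid(long uid, uint16_t *out)
{
    if (uid < 0 || uid > UINT16_MAX)
        return -1;
    *out = (uint16_t)uid;
    return 0;
}

/* Audit helper: returns the index of the account that a[i] would be
 * mistaken for after 16-bit narrowing, -1 if a[i] is unchanged, or -2
 * if the id changes but matches no listed account. */
int alias_target(const struct account *a, size_t n, size_t i)
{
    long narrowed = legacy_store_uid(a[i].uid);
    if (narrowed == a[i].uid)
        return -1;
    for (size_t j = 0; j < n; j++)
        if (j != i && a[j].uid == narrowed)
            return (int)j;
    return -2;
}

int main(void)
{
    for (size_t i = 0; i < N_ACCOUNTS; i++) {
        const struct account *acct = &sample_accounts[i];
        int t = alias_target(sample_accounts, N_ACCOUNTS, i);
        printf("%-9s uid=%-6ld 16-bit=%-5u short_ok=%d legacy_root=%d",
               acct->name, acct->uid, (unsigned)legacy_store_uid(acct->uid),
               fits_signed_short(acct->uid), legacy_is_root(acct->uid));
        if (t >= 0)
            printf("  -> treated as %s", sample_accounts[t].name);
        printf("\n");
    }
    return 0;
}
```

When auditing source for large uid/gid safety, the same pattern applies to any assignment of a `uid_t` or `gid_t` value to a narrower type, not only to explicit casts.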

