[3147] in bugtraq
HP elm exploit
daemon@ATHENA.MIT.EDU (Clay Shields)
Tue Aug 13 19:52:44 1996
Date: Tue, 13 Aug 1996 12:36:13 -0700
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Clay Shields <clay@cse.ucsc.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
Does anyone know what the exploit is for this, the latest CERT bulletin?
Clay
---------------
From: CERT Bulletin <cert-advisory@cert.org>
Date: Tue, 13 Aug 1996 15:02:06 -0400
=============================================================================
CERT(sm) Vendor-Initiated Bulletin VB-96.13.hp
August 13, 1996
Topic: Security Vulnerability in elm
Source: Hewlett-Packard Company
Related CERT documents: VB-96.10a.elm
To aid in the wide distribution of essential security information, the CERT
Coordination Center is forwarding the following information from
Hewlett-Packard Company. Hewlett-Packard urges you to act on this information
as soon as possible. Their contact information is included in the forwarded
text below; please contact them if you have any questions or need further
information.
=======================FORWARDED TEXT STARTS HERE============================
===============================================================================
Document Id: [HPSBUX9608-037]
Date Loaded: [08-08-96]
Description: Security Vulnerability in elm
===============================================================================
- -------------------------------------------------------------------------
HEWLETT-PACKARD SECURITY ADVISORY: HPSBUX08-037, 08 August 1996
- -------------------------------------------------------------------------
The information in the following Security Advisory should be acted upon
as soon as possible. Hewlett Packard will not be liable for any
consequences to any customer resulting from customer's failure to fully
implement instructions in this Security Advisory as soon as possible.
_________________________________________________________________________
PROBLEM: Vulnerabilities in elm executable.
PLATFORM: HP 9000 series 300/400/700/800 systems running any version HP-UX
9.X or 10.X.
DAMAGE: User files can be modified by non-owners. When running a
restricted shell escapes may be possible.
SOLUTION: Apply patch PHCO_7204 (series 300/400,HP-UX 9.X), or
PHNE_7342 (series 700/800, HP-UX 9.X), or
PHNE_7343 (series 700/800, HP-UX 10.X).
AVAILABILITY:
All of the patches are available now.
For BLS system patch availability please contact your support
representative.
[ the rest cut ]
