[3390] in bugtraq


Re: Vulnerability in HP sysdiag ?

daemon@ATHENA.MIT.EDU (Shaun Lowry)
Wed Sep 25 13:59:20 1996

Date: 	Wed, 25 Sep 1996 09:15:24 +0100
Reply-To: Shaun Lowry <s.lowry@march.co.uk>
From: Shaun Lowry <shaunl@march.co.uk>
X-To:         jjacobi@pop500.gsfc.nasa.gov
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To:  <3244E32A.6093@pop500.gsfc.nasa.gov> from "John W. Jacobi" at Sep
              21, 96 11:56:42 pm

>Hi all,
>
>If this is out, I apologize.
>
>Subject: Vulnerability in HP sysdiag ???
>
>Program and Systems that I did this on:
>        The sysdiag program on
>           HP 9000/700/HPUX9.05 (has PHSS_7587)
>           HP 9000/800/HPUX9.04 (not sure of patch regarding diags)

Also confirmed on

        HP-UX viper B.10.10 A 9000/712 2003117870

>To Prevent:
>        For now, turn off the set uid on the programs involved.

Does anyone know of a valid reason why normal users should be allowed to
use sysdiag anyway?

        Shaun.

--
Shaun Lowry           | March Systems Ltd.,           http://www.march.co.uk/
PGP Key available     | 14 Brewery Court, High St.,
from key servers or   | Theale, UK. RG7 5AJ
via e-mail on request | +44 118 930 4224
