[5763] in bugtraq
Re: HPUX rexecd bug on trusted system
daemon@ATHENA.MIT.EDU (Security Alert)
Wed Dec 10 00:08:10 1997
Date: Tue, 9 Dec 1997 14:19:34 PST
Reply-To: Security Alert <secure@HPCUGSYA.CUP.HP.COM>
From: Security Alert <secure@HPCUGSYA.CUP.HP.COM>
To: BUGTRAQ@NETSPACE.ORG
>>>"Kevin K. Sochacki" <kksocha@ERENJ.COM> wrote:
>>>I have discovered a bug in rexecd on systems running HPUX 10.20 that have
>>> been converted to trusted systems.
>> Security Alert wrote:
>> This problem _has_ been fully addressed in patch PHNE_12161. It was posted
>> to our patch hub on 19 August, and targets all HP9000 S700/800 10.X trusted
>> systems.
> "Kevin K. Sochacki" <kksocha@ERENJ.COM> wrote:
>So to your reply I respectfully add:
>
>This problem _has_NOT_ been fully addressed in patch PHNE_12161. It
>only addressed the most severe part of the problem, leaving an
>administrative headache. If you consider the administrator whose work
>load can't handle the added stress of constantly reactivating a number
>of users, he may opt to disable this feature once again leaving the system
>vulnerable.
>
Kevin is exactly right: the counter is not being properly reset.
We are expending effort to _fully_ resolve this SA nightmare. They don't
need this kind of headache!
Thanks to Kevin for bringing this up and apologies to all affected parties!
We will post the patch ID to this list when completed.
HP S/W Security Team
--