[9409] in bugtraq
Re: HP-UX 11.0/800 patches leave suid binaries
daemon@ATHENA.MIT.EDU (Olle Segerdahl,D)
Mon Feb 8 12:09:58 1999
Date: Mon, 8 Feb 1999 09:08:58 +0100
Reply-To: olle@vattenfall.se
From: "Olle Segerdahl,D" <olle@VATTENFALL.SE>
X-To: Lamont Granquist <lamontg@RAVEN.GENOME.WASHINGTON.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.SGI.4.05.9902051820010.10487-100000@raven.genome.washington.edu>
On Fri, 5 Feb 1999, Lamont Granquist wrote:
> The following file is left suid root after a patch installation in HP-UX
> 11.0:
>
> -r-s--x--x 1 root bin 20480 Nov 7 1997 /var/adm/sw/save/PHCO_13214/CMDS-AUX/usr/bin/newgrp
>
> % uname -a
> HP-UX xxxx B.11.00 A 9000/898 1687633341 two-user license
>
> Fortunately, the /var/adm/sw/save directory is only readable by root. I do
> not know if the newgrp binary is vulnerable, or if the PHCO_13214 patch is
> a security patch. I still feel this is poor practice by HP. HP-UX admins
> should scan their systems for other suid binaries which have been left
> lying around by other patches:
As far as I recall this has always been the case with HP Patch saves.
#
#uname -r
B.10.20
#
#pwd
/var/adm/sw/patch
#
#ll -d .
dr-x------ 281 root sys 6144 Feb 4 19:17 .
#
#ll ./PHCO_12097/usr/bin/newgrp
-r-sr-xr-x 1 root bin 16384 Jun 10 1996 ./PHCO_12097/usr/bin/newgrp
#
But as you can see /var/adm/sw/patch is +r+x root & no other permissions.
Not good practice, but no immediate security threat either.
/olle
--
Above views are my own unless explicitly stated otherwise.
God is real, until declared integer.
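
The check discussed in this thread, as an added example that is not part of the original posts: it lists setuid files under a patch save tree and reports whether a closed directory above them keeps other users out. The function names and the SHIELDED/EXPOSED labels are made up for this sketch; it assumes a directory counts as closed only when neither group nor other has the search bit, and it does not inspect directories above the tree it is given.

```sh
#!/bin/sh
# Added example (not from the original post): list setuid files under a patch
# save tree and say whether a closed directory above them blocks other users.

# closed_dir DIR: true when DIR grants no search bit to group or other.
closed_dir() {
    mode=$(ls -ld "$1" | cut -c1-10)
    g=$(printf '%s' "$mode" | cut -c7)
    o=$(printf '%s' "$mode" | cut -c10)
    case "$g$o" in
        *[xst]*) return 1 ;;  # x, or s/t, which are shown only when x is set
        *) return 0 ;;
    esac
}

# shielded FILE ROOT: true when a directory from FILE's parent up to ROOT
# is closed, so the setuid file cannot be reached by non-owners.
shielded() {
    d=$(dirname "$1")
    while :; do
        if closed_dir "$d"; then return 0; fi
        if [ "$d" = "$2" ] || [ "$d" = / ] || [ "$d" = . ]; then return 1; fi
        d=$(dirname "$d")
    done
}

# scan_saved_suid ROOT: print "STATUS MODE PATH" for each setuid regular file.
scan_saved_suid() {
    root=${1%/}
    find "$root" -type f -perm -4000 -print 2>/dev/null |
    while IFS= read -r f; do
        m=$(ls -ld "$f" | cut -c1-10)
        if shielded "$f" "$root"; then s=SHIELDED; else s=EXPOSED; fi
        printf '%s %s %s\n' "$s" "$m" "$f"
    done
}

# Stand-alone use: pass the save tree as the first argument.
if [ "$#" -gt 0 ]; then scan_saved_suid "$1"; fi
```

Run it as root against /var/adm/sw/save (11.0) or /var/adm/sw/patch (10.20), the two trees named in the thread; any EXPOSED line is a saved setuid binary that the directory permissions do not cover.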