[2972] in bugtraq
Re: HPUX sam_exec
daemon@ATHENA.MIT.EDU (Kent Hamilton)
Mon Jul 22 12:50:23 1996
Date: Fri, 19 Jul 1996 21:52:31 -0500
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Kent Hamilton <kenth@HNS.St-Louis.Mo.US>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <2.2.32.19960719020219.00701ea0@lintjr.cisco.com> from "Matthew
G. Harrigan" at Jul 18, 96 07:02:19 pm
> >I sniffed the thing, and it doesn't look like the password is used at all
> >during any of the transactions -- a .rhosts file gets installed in the
> >sam_exec home dir
>
> right. which is exactly why sam_exec need not even exist....
> It is a stupid hacky concept that they held onto for some reason.
> Just so you all know... I have had no response from hp re: sam_exec.
> Perhaps if someone were to login to www.hp.com as such and
> edit serverroot/index.html to post a "request" :).
HP is aware of the issue and is posting a security bulletin on Sunday
night according to the person at HP I spoke with. They are "working
on another way of doing this" (remote admin).
I know at least one of the HP folks is on this list so I'll let
him answer from there if he wants.
--
Kent Hamilton Play: KentH@HNS.St-Louis.MO.US
NIC Handle: KH91 URL: http://www.icon-stl.net/~khamilto/
Blessed Be.... Work: KHamilton@Hunter.COM
