From support@us.external.hp.com Wed Mar 13 00:52:19 1996
Date: Wed, 13 Mar 1996 01:00:52 -0800
From: HPSL Mail Service
Reply to: support-feedback@us.external.hp.com
To: Damien Sorder
Subject: RE: send doc HPSBUX9502-023

--------

## Regarding your request: Send Doc HPSBUX9502-023

The following are the results of your request from the HP SupportLine
mail service.

===============================================================================
Document Id:    [HPSBUX9502-023]
Date Loaded:    [02-22-95]
Description:    Security vulnerability in `at' & `cron'
===============================================================================

-------------------------------------------------------------------------
HEWLETT-PACKARD SECURITY BULLETIN: #00023, 22 Feb 95
-------------------------------------------------------------------------

The information in the following Security Bulletin should be acted upon
as soon as possible. Hewlett-Packard will not be liable for any
consequences to any customer resulting from customer's failure to fully
implement instructions in this Security Bulletin as soon as possible.

_______________________________________________________________________
PROBLEM:      Security vulnerability in the `at' and `cron' command
              in HP-UX
PLATFORM:     HP 9000 series 300/400s and/or 700/800s
DAMAGE:       Users can gain unauthorized privileges
SOLUTION:     Apply patch
              PHCO_5203 (series 700    , HP-UX 8.X), or
              PHCO_5204 (series 800    , HP-UX 8.X), or
              PHCO_5199 (series 300/400, HP-UX 8.X), or
              PHCO_5178 (series 700    , HP-UX 9.X), or
              PHCO_5193 (series 800    , HP-UX 9.X), or
              PHCO_5206 (series 300/400, HP-UX 9.0), or
              PHCO_5206 (series 300/400, HP-UX 9.03).
AVAILABILITY: All patches are available now.
_______________________________________________________________________

I. Update

   A. It has been found that all HP-UX systems have this vulnerability.

   B. Fixing the problem

      The vulnerability can be eliminated from releases 8.X and 9.X of
      HP-UX by applying a patch.
      All customers concerned with the security of their HP-UX systems
      should apply the appropriate patch described above as soon as
      possible.

   C. How to Install the Patch (for HP-UX 8.X and 9.X)

      1. Determine which patch is appropriate for your hardware
         platform and operating system:

         PHCO_5203 (series 700    , HP-UX 8.X), or
         PHCO_5204 (series 800    , HP-UX 8.X), or
         PHCO_5199 (series 300/400, HP-UX 8.X), or
         PHCO_5178 (series 700    , HP-UX 9.X), or
         PHCO_5193 (series 800    , HP-UX 9.X), or
         PHCO_5206 (series 300/400, HP-UX 9.0), or
         PHCO_5206 (series 300/400, HP-UX 9.03).

      2. Hewlett Packard's HP-UX patches are available via email
         & WWW (MOSAIC).

         To obtain a copy of the HP SupportLine email service user's
         guide, send the following in the TEXT PORTION OF THE MESSAGE
         to support@support.mayfield.hp.com (no Subject is required):

              send guide

         The users guide explains the process for downloading HP-UX
         patches via email and other services available.

         WWW (MOSAIC) service (downloading of patches) is also
         available via WWW (MOSAIC) our URL is:

              (http://support.mayfield.hp.com)

      3. Apply the patch to your HP-UX system.

      4. Examine /tmp/update.log for any relevant WARNINGs or ERRORs.
         This can be done as follows:

         a. At the shell prompt, type
            "tail -60 /tmp/update.log | more"
         b. Page through the next three screens via the space bar,
            looking for WARNING or ERROR messages.

   D. Impact of the patch and workaround

      The patch for HP-UX releases 8.X and 9.X provides a new version
      of /etc/cron and /usr/bin/at which fixes the vulnerability.

   E.
      To subscribe to automatically receive future NEW HP Security
      Bulletins from the HP SupportLine mail service via electronic
      mail, send an email message to:

           support@support.mayfield.hp.com (no Subject is required)

      Multiple instructions are allowed in the TEXT PORTION OF THE
      MESSAGE, here are some basic instructions you may want to use:

      * To add your name to the subscription list for new security
        bulletins, send the following in the TEXT PORTION OF THE
        MESSAGE:

             subscribe security_info

      * To retrieve the index of all HP Security Bulletins issued to
        date, send the following in the TEXT PORTION OF THE MESSAGE:

             send security_info_list

      WWW (MOSAIC) service (Browsing of Bulletins) is also available
      via WWW. Our URL is:

           (http://support.mayfield.hp.com)

      Choose "Support news", then under Support news, choose
      "Security Bulletins"

   F. To report new security vulnerabilities, send email to

           security-alert@hp.com

_______________________________________________________________________