From dimensional.com!visi.com!mr.net!netnews.com!howland.erols.net!news.mathworks.com!enews.sgi.com!news.sgi.com!news.tamu.edu!news.utdallas.edu!news.starnet.net!news.starnet.net!sdd.hp.com!hp-pcd!hpbs2500.boi.hp.com!hpax!secure Sun Jan 19 20:33:20 1997 Path: dimensional.com!visi.com!mr.net!netnews.com!howland.erols.net!news.mathworks.com!enews.sgi.com!news.sgi.com!news.tamu.edu!news.utdallas.edu!news.starnet.net!news.starnet.net!sdd.hp.com!hp-pcd!hpbs2500.boi.hp.com!hpax!secure From: secure@cup.hp.com (Security Alert) Newsgroups: comp.security.misc Subject: SB47 Incorrect permissions on /opt/wt/bin/movemail Date: 10 Jan 1997 03:03:04 GMT Organization: Hewlett Packard Cupertino Site Lines: 108 Message-ID: <5b4bh8$ksj@hpax.cup.hp.com> NNTP-Posting-Host: hpcugsya.cup.hp.com X-Newsreader: TIN [version 1.2 PL0.9] Xref: dimensional.com comp.security.misc:15413 ------------------------------------------------------------------------- HEWLETT-PACKARD SECURITY BULLETIN: #00047, 06 January 1997 ------------------------------------------------------------------------- The information in the following Security Bulletin should be acted upon as soon as possible. Hewlett Packard will not be liable for any consequences to any customer resulting from customer's failure to fully implement instructions in this Security Bulletin as soon as possible. ------------------------------------------------------------------------- PROBLEM: Incorrect permissions on /opt/wt/bin/movemail. PLATFORM: HP 9000 series 700/800 systems running version 10.20 only. DAMAGE: Increased capability. SOLUTION: Install PHSS_9669. AVAILABILITY: Patch is available now. ------------------------------------------------------------------------- I. A. Background /opt/wt/bin/movemail as delivered in HP-UX release 10.20 has incorrect permissions. B. Fixing the problem EIther install patch PHSS_9669 or as root perform the following action: chmod 2555 /opt/wt/bin/movemail C. Recommended solution Apply the patch listed above. Any future patch superceeding the listed patch will contain the fix. D. Impact of the patch Installs /opt/wt/bin/movemail with the correct permissions. E. To subscribe to automatically receive future NEW HP Security Bulletins from the HP SupportLine Digest service via electronic mail, do the following: 1) From your Web browser, access the URL: http://us-support.external.hp.com (US,Canada, Asia-Pacific, and Latin-America) http://europe-support.external.hp.com (Europe) 2) On the HP Electronic Support Center main screen, select the hyperlink "Support Information Digests". 3) On the "Welcome to HP's Support Information Digests" screen, under the heading "Register Now", select the appropriate hyperlink "Americas and Asia-Pacific", or "Europe". 4) On the "New User Registration" screen, fill in the fields for the User Information and Password and then select the button labeled "Submit New User". 5) On the "User ID Assigned" screen, select the hyperlink "Support Information Digests". **Note what your assigned user ID and password are for future reference. 6) You should now be on the "HP Support Information Digests Main" screen. You might want to verify that your email address is correct as displayed on the screen. From this screen, you may also view/subscribe to the digests, including the security bulletins digest. To get a patch matrix of current HP-UX and BLS security patches referenced by either Security Bulletin or Platform/OS, click on following screens in order: Technical Knowledge Database Browse Security Bulletins Security Bulletins Archive HP-UX Security Patch Matrix F. To report new security vulnerabilities, send email to security-alert@hp.com Please encrypt any exploit information using the security-alert PGP key, available from your local key server, or by sending a message with a -subject- (not body) of 'get key' (no quotes) to security-alert@hp.com. Permission is granted for copying and circulating this bulletin to Hewlett-Packard (HP) customers (or the Internet community) for the purpose of alerting them to problems, if and only if, the bulletin is not edited or changed in any way, is attributed to HP, and provided such reproduction and/or distribution is performed for non-commercial purposes. Any other use of this information is prohibited. HP is not liable for any misuse of this information by any third party. ________________________________________________________________________