Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Vunerability in HP sysdiag ?
From: shaunl () march co uk (Shaun Lowry)
Date: Wed, 25 Sep 1996 09:15:24 +0100


Hi all,

If this is out, I apologize.

Subject: Vunerability in HP sysdiag ???

Program and Systems that I did this on:
       The sysdiag program on
          HP 9000/700/HPUX9.05 (has PHSS_7587)
          HP 9000/800/HPUX9.04 (not sure of patch regarding diags)

Also confirmed on

        HP-UX viper B.10.10 A 9000/712 2003117870

To Prevent:
       For now, turn off the set uid on the programs involved.

Does anyone know of a valid reason why normal users should be allowed to
use sysdiag anyway?

        Shaun.

--
Shaun Lowry           | March Systems Ltd.,           http://www.march.co.uk/
PGP Key available     | 14 Brewery Court, High St.,
from key servers or   | Theale, UK. RG7 5AJ
via e-mail on request | +44 118 930 4224



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]