mailing list archives
Re: Vunerability in HP sysdiag ?
From: shaunl () march co uk (Shaun Lowry)
Date: Wed, 25 Sep 1996 09:15:24 +0100
If this is out, I apologize.
Subject: Vunerability in HP sysdiag ???
Program and Systems that I did this on:
The sysdiag program on
HP 9000/700/HPUX9.05 (has PHSS_7587)
HP 9000/800/HPUX9.04 (not sure of patch regarding diags)
Also confirmed on
HP-UX viper B.10.10 A 9000/712 2003117870
For now, turn off the set uid on the programs involved.
Does anyone know of a valid reason why normal users should be allowed to
use sysdiag anyway?
Shaun Lowry | March Systems Ltd., http://www.march.co.uk/
PGP Key available | 14 Brewery Court, High St.,
from key servers or | Theale, UK. RG7 5AJ
via e-mail on request | +44 118 930 4224