Bugtraq: Re: Vunerability in HP sysdiag ?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Vunerability in HP sysdiag ?

From: shaunl () march co uk (Shaun Lowry)
Date: Wed, 25 Sep 1996 09:15:24 +0100

Hi all,

If this is out, I apologize.

Subject: Vunerability in HP sysdiag ???

Program and Systems that I did this on:
       The sysdiag program on
          HP 9000/700/HPUX9.05 (has PHSS_7587)
          HP 9000/800/HPUX9.04 (not sure of patch regarding diags)


Also confirmed on

        HP-UX viper B.10.10 A 9000/712 2003117870

To Prevent:
       For now, turn off the set uid on the programs involved.


Does anyone know of a valid reason why normal users should be allowed to
use sysdiag anyway?

        Shaun.

--
Shaun Lowry           | March Systems Ltd.,           http://www.march.co.uk/
PGP Key available     | 14 Brewery Court, High St.,
from key servers or   | Theale, UK. RG7 5AJ
via e-mail on request | +44 118 930 4224

By Date By Thread

Current thread:

Vunerability in HP sysdiag ? John W. Jacobi (Sep 21)
- Re: Vunerability in HP sysdiag ? Shaun Lowry (Sep 25)
- Re: Vunerability in HP sysdiag ? Aggelos P. Varvitsiotis (Sep 25)
  - Re: Vunerability in HP sysdiag ? Tobias Richter (Sep 25)
- NT 4.0 default permissions Dan Shearer (Sep 25)
- HP-UX SAM hole... John W. Jacobi (Sep 25)
- NT security et al *Hobbit* (Sep 25)