Bugtraq mailing list archives
HP elm exploit
From: clay () cse ucsc edu (Clay Shields)
Date: Tue, 13 Aug 1996 12:36:13 -0700
Does anyone know what the exploit is for this, the latest CERT bulletin? Clay --------------- From: CERT Bulletin <cert-advisory () cert org> Date: Tue, 13 Aug 1996 15:02:06 -0400 ============================================================================= CERT(sm) Vendor-Initiated Bulletin VB-96.13.hp August 13, 1996 Topic: Security Vulnerability in elm Source: Hewlett-Packard Company Related CERT documents: VB-96.10a.elm To aid in the wide distribution of essential security information, the CERT Coordination Center is forwarding the following information from Hewlett-Packard Company. Hewlett-Packard urges you to act on this information as soon as possible. Their contact information is included in the forwarded text below; please contact them if you have any questions or need further information. =======================FORWARDED TEXT STARTS HERE============================ =============================================================================== Document Id: [HPSBUX9608-037] Date Loaded: [08-08-96] Description: Security Vulnerability in elm =============================================================================== - ------------------------------------------------------------------------- HEWLETT-PACKARD SECURITY ADVISORY: HPSBUX08-037, 08 August 1996 - ------------------------------------------------------------------------- The information in the following Security Advisory should be acted upon as soon as possible. Hewlett Packard will not be liable for any consequences to any customer resulting from customer's failure to fully implement instructions in this Security Advisory as soon as possible. _________________________________________________________________________ PROBLEM: Vulnerabilities in elm executable. PLATFORM: HP 9000 series 300/400/700/800 systems running any version HP-UX 9.X or 10.X. DAMAGE: User files can be modified by non-owners. When running a restricted shell escapes may be possible. SOLUTION: Apply patch PHCO_7204 (series 300/400,HP-UX 9.X), or PHNE_7342 (series 700/800, HP-UX 9.X), or PHNE_7343 (series 700/800, HP-UX 10.X). AVAILABILITY: All of the patches are available now. For BLS system patch availability please contact your support representative. [ the rest cut ]
Current thread:
- Re: mail storm, (continued)
- Re: mail storm Sean B. Hamor (Aug 13)
- setuid lp script Francis Liu (Aug 13)
- Re: setuid lp script Casper Dik (Aug 15)
- CERT Advisory CA-96.19 - Vulnerability in expreserve CERT Advisory (Aug 15)
- IRIX 5.3 and CA-96.19 - Vulnerability in expreserve? Mike Kienenberger (Aug 15)
- Re: mail storm Brett L. Hawn (Aug 13)
- Re: mail storm John Ladwig (Aug 13)
- Re: mail storm C. Harald Koch (Aug 13)
- Re: mail storm Joe Rhett (Aug 13)
- Re: mail storm Valdis.Kletnieks () vt edu (Aug 13)
- HP elm exploit Clay Shields (Aug 13)
- Re: mail storm der Mouse (Aug 13)
- Re: mail storm J.R.Valverde (Aug 13)