Re: Vulnerability in HP sysdiag??? and securetty

[Todd_Beebe () exchng1 gallup com (Beebe, Todd)]

Funny thing..

I just duplicated the sysdiag bug shown below..  The system I tried
it on is running hpux 10.10, why would HP fix a security bug in 1994
in hpux 9.04, then release it years later in a new release?

Although, the system would not let me log in immediately since roots
.rhosts file was owned by the non-root user(me) who created it with
sysdiag, but since I was the owner of the file I could chown root
.rhosts then the system graciously let me rlogin as root without that
annoying password.

On a side note, if there are any SysAdmins out there using the
/etc/securetty file as a means to disallow direct root login, don't. It
also
has a "bug" that HP support never gave me a answer for.  If you
use xterm to login to your server it doesn't use the /etc/securetty file
so the tty is not secure, you can get a direct login as root without
any changes to the system.  I thought somewhere within C2 specifications
it talked about disallowing direct root login....


> ----------
> From:  security-alert () hp com[SMTP:security-alert () hp com]
> Sent:  Wednesday, September 25, 1996 6:18 PM
> To:    Multiple recipients of list BUGTRAQ
> Subject:       Vulnerability in HP sysdiag???
>
> To whom it may concern:
>
>  Recent bugtraq discussions under the subject: "Vunerability in HP
> sysdiag???"
> discuss exploitations using the system diagnostics.
>  The Hewlett-Packard Co. Security Bulletin #11 dated 12-02-94 concerning
> Security Vulnerability in CORE-DIAG fileset references a patch for HP-UX
> release 9.04 (PHSS_4749) that has now been superceeded by PHSS_6300.  It also
> has a dependency on patch PHKL_6100.  When properly installed both patches
> (6300 & 6100) together will circumvent the behavior described.
>
>      To subscribe to automatically receive future NEW HP Security
>      Bulletins from the HP SupportLine mail service via electronic
>      mail, send an email message to:
>
>      support () us external hp com   (no Subject is required)
>
>      Multiple instructions are allowed in the TEXT PORTION OF THE
>      MESSAGE, here are some basic instructions you may want to use:
>
>      To add your name to the subscription list for new security
>      bulletins, send the following in the TEXT PORTION OF THE MESSAGE:
>
>                  subscribe security_info
>
>      To retrieve the index of all HP Security Bulletins issued to
>      date, send the following in the TEXT PORTION OF THE MESSAGE:
>
>                  send security_info_list
>
>      To get a patch matrix of current HP-UX and BLS security
>      patches referenced by either Security Bulletin or Platform/OS,
>      put the following in the text portion of your message:
>
>                  send hp-ux_patch_matrix
>
>      World Wide Web service for browsing of bulletins is available
>      via our URL: http://us.external.hp.com
>
>       Choose "Support news", then under Support news,
>       choose "Security Bulletins"