Bugtraq mailing list archives

Re: HPUX rexecd bug on trusted system


From: kksocha () ERENJ COM (Kevin K. Sochacki)
Date: Mon, 8 Dec 1997 11:43:28 -0500



Security Alert wrote:

"Kevin K. Sochacki" <kksocha () ERENJ COM> wrote:

I have discovered a bug in rexecd on systems running HPUX 10.20 that have
been converted to trusted systems.
<snip>
This problem has been reported to HP and is currently being addressed.
                                        ^^^^^^^^^^^^
to which we respectfully add:

This problem _has_ been fully addressed in patch PHNE_12161.  It was posted
to our patch hub on 19 August, and targets all HP9000 S700/800 10.X trusted
systems.

HP S/W Security Team
--

The problem addressed in patch PHNE_12161, as implied in the description,
only fixed a problem of not updating the bad login counter. This _does_
fix the vulnerability issue; however, on successful logins the bad login
counter _does_not_ get cleared, therefore locking the users out no matter
how many times they login successfully between unsuccessful attempts.

So to your reply I respectfully add:

This problem _has_NOT_ been fully addressed in patch PHNE_12161.  It
only addressed the most severe part of the problem, leaving an
administrative headache. If you consider the administrator whose
workload can't handle the added stress of constantly reactivating a number
of users, he may opt to disable this feature once again leaving the system
vulnerable.

I have patch PHNE_12161 applied and I'm constantly reactivating user
accounts due to this problem. I have confirmed the problem; it is
reproducible and is a major headache. This is still a very big problem!

--
(...Later..:)
:)**************************(: Exxon Research & Engineering
(:    _/_/_/ _/_/     _/_/_/:) Kevin K. Sochacki
:)   _/     _/  _/   _/     (: ICS CC124 (908) 730-2911
(:  _/_/_/ _/ _/  & _/_/_/  :) mailto:kksocha () erenj com
:) _/     _/_/     _/       (:   PERSONAL
(:_/_/_/ _/  _/   _/_/_/    :) mailto:kks () superlink net
:)**************************(: http://mars.superlink.net/kks