Bugtraq mailing list archives
Re: HPUX rexecd bug on trusted system
From: secure () HPCUGSYA CUP HP COM (Security Alert)
Date: Tue, 9 Dec 1997 14:19:34 PST
"Kevin K. Sochacki" <kksocha () ERENJ COM> wrote: I have discovered a bug in rexecd on system running HPUX 10.20 that have been converted to trusted systems.Security Alert wrote: This problem _has_ been fully addressed in patch PHNE_12161. It was posted to our patch hub on 19 August, and targets all HP9000 S700/800 10.X trusted systems."Kevin K. Sochacki" <kksocha () ERENJ COM> wrote: So to your reply I respectfully add: This problem _has_NOT_ been fully addressed in patch PHNE_12161. It only addressed the most severe part of the problem, leaving an administrative headache. If you consider the administrator who's work load can't handle the added stress of constantly reactivating a number users, he may opt to disable this feature once again leaving the system vulnerable.
Kevin is exactly right, the counter is not being properly reset. We are expending effort to _fully_ resolve this SA nightmare. They don't need this kind of headache! Thanks to Kevin for bringing this up and apologies to all affected parties! We will post the patch ID to this list when completed. HP S/W Security Team --
Current thread:
- HPUX rexecd bug on trusted system Kevin K. Sochacki (Dec 05)
- <Possible follow-ups>
- Re: HPUX rexecd bug on trusted system Security Alert (Dec 05)
- Re: HPUX rexecd bug on trusted system Kevin K. Sochacki (Dec 08)
- Re: HPUX rexecd bug on trusted system Security Alert (Dec 09)