Security Alert wrote:
>
> "Kevin K. Sochacki" <kksochaat_private> wrote:
> >
> > I have discovered a bug in rexecd on systems running HPUX 10.20 that have
> > been converted to trusted systems.
> <snip>
> >This problem has been reported to HP and is currently being addressed.
>                                          ^^^^^^^^^^^^
> to which we respectfully add:
>
> This problem _has_ been fully addressed in patch PHNE_12161. It was posted
> to our patch hub on 19 August, and targets all HP9000 S700/800 10.X trusted
> systems.
>
> HP S/W Security Team
> --

The problem addressed in patch PHNE_12161, as implied in the description,
only fixed a problem of not updating the bad login counter. This _does_ fix
the vulnerability issue; however, on successful logins the bad login counter
_does_not_ get cleared, therefore locking the users out no matter how many
times they log in successfully between unsuccessful attempts.

So to your reply I respectfully add:

This problem _has_NOT_ been fully addressed in patch PHNE_12161. It only
addressed the most severe part of the problem, leaving an administrative
headache. If you consider the administrator whose workload can't handle the
added stress of constantly reactivating a number of users, he may opt to
disable this feature, once again leaving the system vulnerable.

I have patch PHNE_12161 applied and I'm constantly reactivating user
accounts due to this problem. I have confirmed the problem; it is
reproducible and is a major headache.

This is still a very big problem!

--
(...Later..:)

Kevin K. Sochacki
Exxon Research & Engineering
ICS CC124 (908) 730-2911
mailto:kksochaat_private
PERSONAL mailto:kksat_private
http://mars.superlink.net/kks
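The counter behaviour described in the message above, as an added model that is not part of the original post and is not HP's rexecd code: it replays a login history under "never cleared on success" and "cleared on success" and reports the accounts that only the first policy locks. The threshold of 3, the event format, the sample data and the function names are assumptions.

```python
from collections import defaultdict

MAX_BAD_LOGINS = 3  # assumed threshold; the message does not give the configured value

# Constructed sample history: (user, outcome) in chronological order.
SAMPLE_EVENTS = [
    ("alice", "fail"), ("alice", "ok"),   # occasional typo, then success
    ("alice", "fail"), ("alice", "ok"),
    ("alice", "fail"), ("alice", "ok"),
    ("bob", "fail"), ("bob", "fail"), ("bob", "fail"), ("bob", "ok"),  # real guessing run
    ("carol", "ok"), ("carol", "fail"), ("carol", "ok"),
]


def replay(events, reset_on_success, max_bad=MAX_BAD_LOGINS):
    """Replay events; return {user: index of the event that locked the account}."""
    counter = defaultdict(int)
    locked_at = {}
    for i, (user, outcome) in enumerate(events):
        if user in locked_at:
            continue  # a locked account stays locked until an admin reactivates it
        if outcome == "fail":
            counter[user] += 1
            if counter[user] >= max_bad:
                locked_at[user] = i
        elif outcome == "ok" and reset_on_success:
            counter[user] = 0  # the step the message reports as missing
    return locked_at


def spurious_lockouts(events, max_bad=MAX_BAD_LOGINS):
    """Users locked only because successful logins never clear the counter."""
    as_reported = replay(events, reset_on_success=False, max_bad=max_bad)
    expected = replay(events, reset_on_success=True, max_bad=max_bad)
    return sorted(set(as_reported) - set(expected))


if __name__ == "__main__":
    print("locked, counter never cleared:", replay(SAMPLE_EVENTS, False))
    print("locked, counter cleared on success:", replay(SAMPLE_EVENTS, True))
    print("spurious lockouts:", spurious_lockouts(SAMPLE_EVENTS))
```

Both policies still lock the account with three consecutive failures; only the never-cleared counter also locks the user whose failures were spread across successful sessions.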
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:35:03 PDT