HP-UX 11.0/800 patches leave suid binaries

From: Lamont Granquist (lamontgat_private)
Date: Fri Feb 05 1999 - 18:35:51 PST


    The following file is left suid root after a patch installation in HP-UX
    11.0:
    
    -r-s--x--x   1 root       bin          20480 Nov  7  1997
    /var/adm/sw/save/PHCO_13214/CMDS-AUX/usr/bin/newgrp
    
    % uname -a
    HP-UX xxxx B.11.00 A 9000/898 1687633341 two-user license
    
    Fortunately, the /var/adm/sw/save directory is only readable by root. I do
    not know if the newgrp binary is vulnerable, or if the PHCO_13214 patch is
    a security patch.  I still feel this is poor practice by HP.  HP-UX admins
    should scan their systems for other suid binaries which have been left
    lying around by other patches:
    
    % find / ! -local -prune -o -type f \( -perm -4000 -o -perm -2000 \) -exec ls -lad \{\} \;
    
    (assuming you don't want to scan your NFS disks, adjust accordingly if you
    do...)
    
    --
    Lamont Granquist                       lamontgat_private
    Dept. of Molecular Biotechnology       (206)616-5735  fax: (206)685-7344
    Box 352145 / University of Washington / Seattle, WA 98195
    PGP pubkey: finger lamontgat_private | pgp -fka
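
The scan recommended in the post, narrowed to a patch save tree, as an added example that is not part of the original message: it lists each saved setuid/setgid file with its patch ID and whether it still matches the installed binary. The function name `audit_saved_suid`, its optional live-root argument, and the layout `<save root>/<patch>/<fileset>/<original path>` (inferred from the single path quoted above) are assumptions.

```shell
#!/bin/sh
# Added example: report setuid/setgid files kept under a patch save tree.
# Assumed layout (inferred from the one path in the post):
#   <save_root>/<patch>/<fileset>/<original path>
#   e.g. /var/adm/sw/save/PHCO_13214/CMDS-AUX/usr/bin/newgrp
# File names containing newlines are not handled.

# audit_saved_suid SAVE_ROOT [LIVE_ROOT]
# Prints one line per hit: <mode> <patch> <original path> <status>
# LIVE_ROOT is prefixed to the original path (empty = the running system).
audit_saved_suid() {
    save_root=${1%/}
    live_root=${2:-}
    find "$save_root" -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do
        rel=${f#"$save_root"/}          # PHCO_13214/CMDS-AUX/usr/bin/newgrp
        patch=${rel%%/*}                # PHCO_13214
        rest=${rel#*/}                  # CMDS-AUX/usr/bin/newgrp
        case $rest in
            */*) orig=/${rest#*/} ;;    # /usr/bin/newgrp
            *)   orig="(unknown)" ;;    # file sits directly under the patch dir
        esac
        live=$live_root$orig
        if [ ! -e "$live" ]; then
            status=no-live-file
        elif cmp -s "$f" "$live"; then
            status=same-as-live
        else
            # Saved copy is not the binary now installed, yet keeps its bit.
            status=differs-from-live
        fi
        mode=$(ls -ld "$f" | cut -c1-10)
        printf '%s %s %s %s\n' "$mode" "$patch" "$orig" "$status"
    done
}

# Stand-alone use (as root, since the save directory is root-only):
#   sh audit.sh /var/adm/sw/save
if [ $# -gt 0 ]; then
    audit_saved_suid "$@"
fi
```

Entries reported as `differs-from-live` are the ones worth reviewing first, since they are superseded copies that still carry the privileged mode bits.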
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:32:55 PDT