HP-UX pcltotiff

From: security-alertat_private
Date: Fri Jun 20 2003 - 11:55:58 PDT


    -----BEGIN PGP SIGNED MESSAGE-----
    
    A bugtraq posting on July 9, 2003 mentions a
    vulnerability in pcltotiff on HP-UX 10.XX.
    This is the subject of the security bulletin
    HPSBUX0104-149.  The main points are:
    
    PROBLEM:   /opt/sharedprint/bin/pcltotiff has unsafe permissions.
    
    PLATFORM:  HP9000 Series 700/800 running HP-UX releases 10.01,
               10.10, 10.20, and 10.26.
    
    
       A. Background
    
          /opt/sharedprint/bin/pcltotiff is in group bin with set group
          id permissions.  This is necessary to allow pcltotiff to read
          files in /usr/lib/X11/fonts/ifo.st/typefaces/.
    
       B. Fixing the problem
    
          Remove the set group id permissions from pcltotiff and
          allow read access to /usr/lib/X11/fonts/ifo.st/typefaces/.
    
       C. Recommended solution
    
          /sbin/chmod 555 /opt/sharedprint/bin/pcltotiff
          /sbin/chmod o+r /usr/lib/X11/fonts/ifo.st/typefaces/
    
     SOFTWARE SECURITY RESPONSE TEAM (SSRT)
     Hewlett-Packard Company
     HP Services
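
The check below is an added example, not part of HP's bulletin: a POSIX shell audit of the two conditions section C establishes, that pcltotiff no longer carries the set group id bit and that the typefaces directory is readable by others. The function names and the PCLTOTIFF/TYPEFACES override variables are assumptions of this example; the default paths are the ones given in the bulletin.

```shell
#!/bin/sh
# Added example (not from the bulletin): audit the state section C sets up.
# PCLTOTIFF and TYPEFACES are hypothetical override variables; the defaults
# are the paths named in the bulletin.
PCLTOTIFF=${PCLTOTIFF:-/opt/sharedprint/bin/pcltotiff}
TYPEFACES=${TYPEFACES:-/usr/lib/X11/fonts/ifo.st/typefaces/}

# Succeeds if the set group id bit is set on the file.
has_setgid() { [ -g "$1" ]; }

# Succeeds if "other" has read permission. Column 8 of the ls -ld mode
# string (e.g. dr-xr-xr-x) is the other-read flag.
other_readable() {
    flag=$(ls -ld "$1" 2>/dev/null | cut -c8)
    [ "$flag" = "r" ]
}

# Prints one line per check and returns the number of findings.
audit() {
    bin=$1 dir=$2 findings=0
    if [ ! -f "$bin" ]; then
        echo "SKIP  $bin not installed"
    elif has_setgid "$bin"; then
        echo "FAIL  set group id still present: $(ls -ld "$bin")"
        findings=$((findings + 1))
    else
        echo "OK    $bin has no set group id bit"
    fi
    if [ ! -d "$dir" ]; then
        echo "SKIP  $dir not present"
    elif other_readable "$dir"; then
        echo "OK    $dir is readable by others"
    else
        # After the set group id bit is removed, the bulletin relies on
        # o+r for access to the typefaces directory.
        echo "FAIL  $dir lacks o+r: $(ls -ld "$dir")"
        findings=$((findings + 1))
    fi
    return "$findings"
}

audit "$PCLTOTIFF" "$TYPEFACES" || echo "$? finding(s); see section C"
```

Run it before and after applying the two chmod commands; a clean system reports OK (or SKIP where sharedprint is not installed) for both paths.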
    
    
    


