SWVERIFY Buffer Overflow Vulnerability - No HP Patch?

Laurie A. Krumrey · ‎09-25-2001

On 9/3/01 there was a notice that swverify has
tis buffer overflow vulnerability.

See:

http://www.securityfocus.com/bin/3279

It says there is no resolution. Does anyone
know when HP will have a fix it patch?

Are folks concerned about this ? I'm not
sure what to do about this. This makes it
possible for local users to gain root access.

Any thoughts? HP do you read these postings?

Laurie

Happiness is a choice

James R. Ferguson · ‎09-25-2001

Hi Laurie:

I have no comment nor information on the specific mention you make. However, HP is very proactive.

There is a security patch check tool available for 11.x:

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6834AA

There are security web sites here:

http://www.hp.com/security/services/

http://www.hp.com/security/home.html

http://www.hp.com/security/products/ids/

Hopefully, one or more of these will help you.

Regards!

...JRF...

A. Clay Stephenson · ‎09-25-2001

Laurie,

I could not find a patch for that specific problem but you might try this:

The current permissions of /usr/sbin/swverify
is 4555; owned by root/bin.

You could change the permissions to 4550 so that only root or group bin users could execute the code. If someone needs to do a swinstall as non-root you could change the permissions back to 4555 temporarily.

Obviously not a good fix but it might be better than nothing.

Regards, Clay

If it ain't broke, I can fix that.

Sanjay_6 · ‎09-25-2001

Hi Laurie,

Have a look at this thread,

http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=solution&id=3279

The site where this vulnerability is posted is showing the solution as PHCO_23483. One thing i can't understand is that this patch release date is 01/03/16 whereas the problem posting date is 01/09/03

http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3279

http://us-support2.external.hp.com/wpsl/bin/doc.pl/screen=wpslDisplayPatch/sid=4d6a7967052a56a744

Hope this helps.

thanks

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

SWVERIFY Buffer Overflow Vulnerability - No HP Patch?

SWVERIFY Buffer Overflow Vulnerability - No HP Patch?

Re: SWVERIFY Buffer Overflow Vulnerability - No HP Patch?

Re: SWVERIFY Buffer Overflow Vulnerability - No HP Patch?

Re: SWVERIFY Buffer Overflow Vulnerability - No HP Patch?