- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- SWVERIFY Buffer Overflow Vulnerability - No HP Pat...
Operating System - HP-UX
1755661
Members
3547
Online
108837
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-25-2001 02:27 PM
тАО09-25-2001 02:27 PM
On 9/3/01 there was a notice that swverify has
tis buffer overflow vulnerability.
See:
http://www.securityfocus.com/bin/3279
It says there is no resolution. Does anyone
know when HP will have a fix it patch?
Are folks concerned about this ? I'm not
sure what to do about this. This makes it
possible for local users to gain root access.
Any thoughts? HP do you read these postings?
Laurie
tis buffer overflow vulnerability.
See:
http://www.securityfocus.com/bin/3279
It says there is no resolution. Does anyone
know when HP will have a fix it patch?
Are folks concerned about this ? I'm not
sure what to do about this. This makes it
possible for local users to gain root access.
Any thoughts? HP do you read these postings?
Laurie
Happiness is a choice
Solved! Go to Solution.
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-25-2001 02:43 PM
тАО09-25-2001 02:43 PM
Solution
Hi Laurie:
I have no comment nor information on the specific mention you make. However, HP is very proactive.
There is a security patch check tool available for 11.x:
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6834AA
There are security web sites here:
http://www.hp.com/security/services/
http://www.hp.com/security/home.html
http://www.hp.com/security/products/ids/
Hopefully, one or more of these will help you.
Regards!
...JRF...
I have no comment nor information on the specific mention you make. However, HP is very proactive.
There is a security patch check tool available for 11.x:
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6834AA
There are security web sites here:
http://www.hp.com/security/services/
http://www.hp.com/security/home.html
http://www.hp.com/security/products/ids/
Hopefully, one or more of these will help you.
Regards!
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-25-2001 02:58 PM
тАО09-25-2001 02:58 PM
Re: SWVERIFY Buffer Overflow Vulnerability - No HP Patch?
Laurie,
I could not find a patch for that specific problem but you might try this:
The current permissions of /usr/sbin/swverify
is 4555; owned by root/bin.
You could change the permissions to 4550 so that only root or group bin users could execute the code. If someone needs to do a swinstall as non-root you could change the permissions back to 4555 temporarily.
Obviously not a good fix but it might be better than nothing.
Regards, Clay
I could not find a patch for that specific problem but you might try this:
The current permissions of /usr/sbin/swverify
is 4555; owned by root/bin.
You could change the permissions to 4550 so that only root or group bin users could execute the code. If someone needs to do a swinstall as non-root you could change the permissions back to 4555 temporarily.
Obviously not a good fix but it might be better than nothing.
Regards, Clay
If it ain't broke, I can fix that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-25-2001 03:47 PM
тАО09-25-2001 03:47 PM
Re: SWVERIFY Buffer Overflow Vulnerability - No HP Patch?
Hi Laurie,
Have a look at this thread,
http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=solution&id=3279
The site where this vulnerability is posted is showing the solution as PHCO_23483. One thing i can't understand is that this patch release date is 01/03/16 whereas the problem posting date is 01/09/03
http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3279
http://us-support2.external.hp.com/wpsl/bin/doc.pl/screen=wpslDisplayPatch/sid=4d6a7967052a56a744
Hope this helps.
thanks
Have a look at this thread,
http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=solution&id=3279
The site where this vulnerability is posted is showing the solution as PHCO_23483. One thing i can't understand is that this patch release date is 01/03/16 whereas the problem posting date is 01/09/03
http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3279
http://us-support2.external.hp.com/wpsl/bin/doc.pl/screen=wpslDisplayPatch/sid=4d6a7967052a56a744
Hope this helps.
thanks
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP