https://community.hpe.com/t5/operating-system-hp-ux/potential-security-vulnerability-in-kermit/m-p/2976293#M752873 As stated by the security bulletin, a<BR /># chmod 444 /usr/bin/kermit<BR />should fix the problem, removing the suid execution permit. After that, "Full functionality will be available only to the root user."<BR />Shouldn't it be chmod 555 ? How can root execute a program with read only permits ?<BR /><BR /> Tue, 20 May 2003 07:00:35 GMT enrico.nic 2003-05-20T07:00:35Z https://community.hpe.com/t5/operating-system-hp-ux/potential-security-vulnerability-in-kermit/m-p/2976291#M752871 =================================================================<BR />A security bulletin has been issued:<BR /><BR />-----------------------------------------------------------------<BR /> Source: HEWLETT-PACKARD COMPANY<BR /> SECURITY BULLETIN: HPSBUX0305-259<BR /> Originally issued: 18 May 2003<BR /> SSRT3555 Potential Security Vulnerability in kermit<BR /><BR /> -----------------------------------------------------------------<BR /><BR />To access the bulletin from the itrc:<BR /><BR /> Select "maintenance and support"<BR /> Select "search technical knowledge base"<BR /> Select "HP-UX Software Security Bulletins"<BR /> Select "Search by Security Bulletin Number"<BR /> Enter "HPSBUX0305-259"<BR /> Search<BR /><BR />The complete list of security bulletins can be found here:<BR /><BR /> <A href="http://itrc.hp.com/cki/bin/doc.pl/screen=ckiSecurityBulletin" target="_blank">http://itrc.hp.com/cki/bin/doc.pl/screen=ckiSecurityBulletin</A><BR />=================================================================<BR />Berlene Mon, 19 May 2003 11:17:07 GMT https://community.hpe.com/t5/operating-system-hp-ux/potential-security-vulnerability-in-kermit/m-p/2976291#M752871 Berlene Herren 2003-05-19T11:17:07Z https://community.hpe.com/t5/operating-system-hp-ux/potential-security-vulnerability-in-kermit/m-p/2976292#M752872 just shoot the frog then......... Mon, 19 May 2003 11:24:46 GMT https://community.hpe.com/t5/operating-system-hp-ux/potential-security-vulnerability-in-kermit/m-p/2976292#M752872 Stefan Farrelly 2003-05-19T11:24:46Z https://community.hpe.com/t5/operating-system-hp-ux/potential-security-vulnerability-in-kermit/m-p/2976293#M752873 As stated by the security bulletin, a<BR /># chmod 444 /usr/bin/kermit<BR />should fix the problem, removing the suid execution permit. After that, "Full functionality will be available only to the root user."<BR />Shouldn't it be chmod 555 ? How can root execute a program with read only permits ?<BR /><BR /> Tue, 20 May 2003 07:00:35 GMT https://community.hpe.com/t5/operating-system-hp-ux/potential-security-vulnerability-in-kermit/m-p/2976293#M752873 enrico.nic 2003-05-20T07:00:35Z https://community.hpe.com/t5/operating-system-hp-ux/potential-security-vulnerability-in-kermit/m-p/2976294#M752874 Yes, it should have been 555. Sorry. Tue, 20 May 2003 10:44:07 GMT https://community.hpe.com/t5/operating-system-hp-ux/potential-security-vulnerability-in-kermit/m-p/2976294#M752874 John Morris 2003-05-20T10:44:07Z