Security
cancel
Showing results for 
Search instead for 
Did you mean: 

Critical Security Bulletin Notification

 
F Verschuren
Esteemed Contributor

Critical Security Bulletin Notification

I reseved a critical patch that needs to be installed on all hp systems
http://alerts.hp.com/r?2.1.3KT.2ZR.yYLPc.CymZx6..T.G9qo.1mR2.HXYEdc00
In the url there seems to be a bug in the comand useradd, however if I download the patch I see that the tree patches are for chmod, can somebody explean what chmod and useradd have in comment and if this are the correct patches?
11 REPLIES 11
Highlighted
Bart Paulusse
Respected Contributor

Re: Critical Security Bulletin Notification

When I use your url, it shows a security bulletin regarding Apache vulnerabilities, nothing about useradd...
If there is a bug in the useradd command, useradd should be patched and not chmod. Does the patch perhaps contain patches for both? If not it seems the patch you downloaded is not correct.
F Verschuren
Esteemed Contributor

Re: Critical Security Bulletin Notification

mobidyc
Trusted Contributor

Re: Critical Security Bulletin Notification

Hi,

this patch correct a bug in the skel directory used by useradd in some circumstances.

chmod fixes the rights on the home directory for the new user.

Regards,
Cedrick Gaillard
Best regards, Cedrick Gaillard
F Verschuren
Esteemed Contributor

Re: Critical Security Bulletin Notification

If I download the patch, I do not see any changes to the skil dirs.

so the question remane, why do I neet to patch chmod if useradd is not ok....

is it because useradd is useing chmod?
ore are the patches not compleat?

Dennis Handly
Acclaimed Contributor

Re: Critical Security Bulletin Notification

>If I download the patch, I do not see any changes to the skel dirs.
>so the question remains, why do I need to patch chmod if useradd is not ok.

Good questions, you should provide feedback on that Alert page.
Dennis Handly
Acclaimed Contributor

Re: Critical Security Bulletin Notification

It seems the 11.31 useradd(1m) patch is PHCO_38547 and the chmod patch is PHCO_38482.

But I don't see any mention of these in the former:
OS-Core.SYS-ADMIN: /etc/default/useradd
OS-Core.SYS-ADMIN: /usr/newconfig/etc/default/useradd

Though I do see them in the 11.11 version: PHCO_38492

A previous security bulletin mentions useradd too:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01455884
F Verschuren
Esteemed Contributor

Re: Critical Security Bulletin Notification

I just pleased a software call and send a mail to security-alert@hp.com
As soon I get the anser form HP I will post it here
F Verschuren
Esteemed Contributor

Re: Critical Security Bulletin Notification

reaction form hp:

-----Original Message-----

Subject: RE: <1604942226>


Freek,

For HP-UX 11.31 this is the patch ----Patch PHCO_38547

For HP-UX 11.23 this is the patch ----Patch PHCO_38491

For HP-UX 11.11 this is the patch ---Patch PHCO_38492

Indeed the documentation is very much missleading. I sent a correction request.

Regards,
Ari
Torsten.
Acclaimed Contributor

Re: Critical Security Bulletin Notification

You should never post complete email addresses - think about the spam robots.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!