Re: Potential Security Vulnerability in kermit

Berlene Herren · ‎05-19-2003

=================================================================
A security bulletin has been issued:

-----------------------------------------------------------------
Source: HEWLETT-PACKARD COMPANY
SECURITY BULLETIN: HPSBUX0305-259
Originally issued: 18 May 2003
SSRT3555 Potential Security Vulnerability in kermit

-----------------------------------------------------------------

To access the bulletin from the itrc:

Select "maintenance and support"
Select "search technical knowledge base"
Select "HP-UX Software Security Bulletins"
Select "Search by Security Bulletin Number"
Enter "HPSBUX0305-259"
Search

The complete list of security bulletins can be found here:

http://itrc.hp.com/cki/bin/doc.pl/screen=ckiSecurityBulletin
=================================================================
Berlene

http://www.mindspring.com/~bkherren/dobes/index.htm

Stefan Farrelly · ‎05-19-2003

just shoot the frog then.........

Im from Palmerston North, New Zealand, but somehow ended up in London...

enrico.nic · ‎05-20-2003

As stated by the security bulletin, a
# chmod 444 /usr/bin/kermit
should fix the problem, removing the suid execution permit. After that, "Full functionality will be available only to the root user."
Shouldn't it be chmod 555 ? How can root execute a program with read only permits ?

John Morris · ‎05-20-2003

Yes, it should have been 555. Sorry.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Potential Security Vulnerability in kermit

Potential Security Vulnerability in kermit