HPE Community
Operating System - HP-UX
1833047 Members
2400 Online
110049 Solutions
New Discussion

Re: Vulnerability for the HP-UX 11 * (export)

 
Ben Curran
Occasional Contributor

‎10-25-2004 02:55 AM

‎10-25-2004 02:55 AM

Vulnerability for the HP-UX 11 * (export)

We identified a vulnerability in the versions 11 x (HP-UX). We saw that to the we create a bill without any privilege could become root with only two commands, these are export PS4 = '--> ' soon afterwards digitar.pg - it will generate an error message, masi is enough to type whoami that you will see that this bill became root, and the worst is that when typing the who you will see that the bill without privilege will be logada and you won't get to see that she will be as root.

How can I solve this vulnerability?
0 Kudos
Reply
2 REPLIES 2
Steven E. Protter
Exalted Contributor

‎10-25-2004 03:00 AM

‎10-25-2004 03:00 AM

Re: Vulnerability for the HP-UX 11 * (export)

Modify the permissions and ownership on the file so that only authorized users can access the file.

Contact HP and report with greater detail on the vulnerability and their security team may open a call and document it.

AS it stands now you've not given enough information on the process of creating the vulnerability for me to give further help.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
John Morris
Advisor

‎10-26-2004 05:28 AM

‎10-26-2004 05:28 AM

Re: Vulnerability for the HP-UX 11 * (export)

Steven is correct. Please send e-mail to security-alert@hp.com.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.