Bugtraq mailing list archives
Re: HP-UX 11.0/800 patches leave suid binaries
From: olle () vattenfall se (Olle Segerdahl,D)
Date: Mon, 8 Feb 1999 09:08:58 +0100
On Fri, 5 Feb 1999, Lamont Granquist wrote:
> The following file is left suid root after a patch installation in HP-UX 11.0:
>
> -r-s--x--x 1 root bin 20480 Nov 7 1997 /var/adm/sw/save/PHCO_13214/CMDS-AUX/usr/bin/newgrp
>
> % uname -a
> HP-UX xxxx B.11.00 A 9000/898 1687633341 two-user license
>
> Fortunately, the /var/adm/sw/save directory is only readable by root. I do not know if the newgrp binary is vulnerable, or if the PHCO_13214 patch is a security patch. I still feel this is poor practice by HP.
>
> HP-UX admins should scan their systems for other suid binaries which have been left lying around by other patches:
As far as I recall this has always been the case with HP Patch saves.

# #uname -r
B.10.20
# #pwd
/var/adm/sw/patch
# #ll -d .
dr-x------ 281 root sys 6144 Feb 4 19:17 .
# #ll ./PHCO_12097/usr/bin/newgrp
-r-sr-xr-x 1 root bin 16384 Jun 10 1996 ./PHCO_12097/usr/bin/newgrp
#

But as you can see /var/adm/sw/patch is +r+x root & no other permissions. Not good practice, but no immediate security threat either.

/olle
--
Above views are my own unless explicitly stated otherwise.
God is real, until declared integer.
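
The check both posters describe, as an added example that is not part of either message: list the setuid files under a patch-save tree and report whether a directory on the way down still keeps non-owners out. The function names and the SHIELDED/EXPOSED labels are assumptions of this example; it looks only at mode bits from the given tree root downwards, so ACLs and directories above the root are not considered.

```shell
#!/bin/sh
# Added example (not from the original thread): audit setuid files left in a
# patch-save tree such as /var/adm/sw/save or /var/adm/sw/patch.

# True when group or other has search (x) permission on directory $1.
# -prune stops find from descending, so only $1 itself is tested.
dir_open() {
    [ -n "$(find "$1" -prune \( -perm -010 -o -perm -001 \) -print)" ]
}

# For every setuid regular file under tree root $1, print
#   SHIELDED <file>  if some directory from the file's parent up to the root
#                    (inclusive) denies search to group and other, or
#   EXPOSED <file>   if every one of those directories can be traversed.
suid_exposure() {
    root=${1%/}
    find "$root" -type f -perm -4000 -print | while IFS= read -r f; do
        d=$(dirname "$f")
        state=EXPOSED
        while :; do
            if ! dir_open "$d"; then
                state=SHIELDED
                break
            fi
            # Stop at the tree root; "/" and "." guard against walking forever.
            case $d in
                "$root"|/|.) break ;;
            esac
            d=$(dirname "$d")
        done
        printf '%s %s\n' "$state" "$f"
    done
}

# Usage: sh suid_exposure.sh /var/adm/sw/save
if [ $# -gt 0 ]; then
    suid_exposure "$1"
fi
```

Any EXPOSED line is a saved setuid binary that directory permissions no longer hide, which is the case the thread says to look for.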