Bugtraq mailing list archives

Re: HP-UX 11.0/800 patches leave suid binaries


From: olle () vattenfall se (Olle Segerdahl,D)
Date: Mon, 8 Feb 1999 09:08:58 +0100


On Fri, 5 Feb 1999, Lamont Granquist wrote:

The following file is left suid root after a patch installation in HP-UX
11.0:

-r-s--x--x   1 root       bin          20480 Nov  7  1997
/var/adm/sw/save/PHCO_13214/CMDS-AUX/usr/bin/newgrp

% uname -a
HP-UX xxxx B.11.00 A 9000/898 1687633341 two-user license

Fortunately, the /var/adm/sw/save directory is only readable by root. I do
not know if the newgrp binary is vulnerable, or if the PHCO_13214 patch is
a security patch.  I still feel this is poor practice by HP.  HP-UX admins
should scan their systems for other suid binaries which have been left
lying around by other patches:

As far as I recall, this has always been the case with HP patch saves.

#
#uname -r
B.10.20
#
#pwd
/var/adm/sw/patch
#
#ll -d .
dr-x------  281 root       sys           6144 Feb  4 19:17 .
#
#ll ./PHCO_12097/usr/bin/newgrp
-r-sr-xr-x   1 root       bin          16384 Jun 10  1996 ./PHCO_12097/usr/bin/newgrp
#

But as you can see, /var/adm/sw/patch is r-x for root only, with no permissions for anyone else.

Not good practice, but no immediate security threat either.


/olle

--
Above views are my own unless explicitly stated otherwise.
God is real, until declared integer.
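An added example, not part of either post above: a small POSIX sh script that does the sweep Lamont suggests, listing setuid/setgid files under the HP-UX patch save areas named in this thread (/var/adm/sw/save and /var/adm/sw/patch) and flagging any whose top directory is not restricted to root the way both posters' ll output shows. The function names and the default paths are this example's own assumptions; run it as root on a real box, since the save directories are root-only.

```shell
#!/bin/sh
# Added example (not from the original posts): sweep HP-UX patch save areas
# for setuid/setgid files and flag any that sit in a tree a non-root user
# can descend into.  Default paths are the two directories named in the
# thread (assumption); others can be passed on the command line.
# Needs only POSIX sh, find, ls, cut, sed and wc.

# Print every setuid or setgid regular file under the given roots, one per line.
find_suid() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" -type f \( -perm -4000 -o -perm -2000 \) -print
    done
}

# Return 0 if the directory grants no permissions at all to group or other,
# i.e. its ls -ld mode string ends in ------ (as in dr-x------ above).
root_only() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Report setuid/setgid files under each root.  Files behind a root-only
# directory are listed as "shielded"; the rest as "EXPOSED".  Return 0 if
# nothing is exposed, 1 otherwise, so the script can feed a cron job.
check_saves() {
    exposed=0
    for root in "$@"; do
        [ -d "$root" ] || continue
        if root_only "$root"; then
            find_suid "$root" | sed 's/^/shielded: /'
        else
            n=$(find_suid "$root" | wc -l)
            find_suid "$root" | sed 's/^/EXPOSED: /'
            exposed=$((exposed + n))
        fi
    done
    [ "$exposed" -eq 0 ]
}

# Defaults from the thread; run as root so find can descend into the saves.
[ $# -eq 0 ] && set -- /var/adm/sw/save /var/adm/sw/patch
check_saves "$@"
```

The directory check is the whole point: the leftover copy of newgrp keeps its setuid bit regardless, so the only thing standing between it and an ordinary user is the mode on /var/adm/sw/save or /var/adm/sw/patch. If a later patch, a restore from backup or a well-meaning admin ever opens that directory up, the "shielded" lines turn into "EXPOSED" ones.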
