Bugtraq mailing list archives

Re: HPUX sam_exec

From: kenth () HNS St-Louis Mo US (Kent Hamilton)
Date: Fri, 19 Jul 1996 21:52:31 -0500

I sniffed the thing, and it doesn't look like the password is used at all
during any of the transactions -- a .rhosts file gets installed in the
sam_exec home dir


right. which is exactly why sam_exec need not even exist....
It is a stupid hacky concept that they held onto for some reason.
Just so you all know... I have had no response from hp re: sam_exec.
Perhaps if someone were to login to www.hp.com as such and
edit serverroot/index.html to post a "request" :).


HP is aware of the issue and is posting a security bulletin on Sunday
night according to the person at HP I spoke with.  They are "working
on another way of doing this" (remote admin).

I know at least one of the HP folks is on this list so I'll let
him answer from there if he wants.

--
Kent Hamilton                      Play:  KentH () HNS St-Louis MO US
NIC Handle: KH91                    URL:  http://www.icon-stl.net/~khamilto/
Blessed Be....                     Work:  KHamilton () Hunter COM

Current thread:

HPUX sam_exec bogus technician (Jul 18)
- <Possible follow-ups>
- Re: HPUX sam_exec Matthew G. Harrigan (Jul 18)
  - Re: HPUX sam_exec Kent Hamilton (Jul 19)
  - quotas? maybe you're not seeing all of it Brett L. Hawn (Jul 21)
  - whoops.. addendum Brett L. Hawn (Jul 21)
  - ping Brian Mitchell (Jul 21)
    - Re: ping David Holland (Jul 22)
    - Re: ping Marek Michalkiewicz (Jul 22)
    - Re: ping Brian Mitchell (Jul 23)
  - ping Brian Mitchell (Jul 21)