Bugtraq mailing list archives
Re: HPUX sam_exec
From: kenth () HNS St-Louis Mo US (Kent Hamilton)
Date: Fri, 19 Jul 1996 21:52:31 -0500
I sniffed the thing, and it doesn't look like the password is used at all during any of the transactions -- a .rhosts file gets installed in the sam_exec home dirright. which is exactly why sam_exec need not even exist.... It is a stupid hacky concept that they held onto for some reason. Just so you all know... I have had no response from hp re: sam_exec. Perhaps if someone were to login to www.hp.com as such and edit serverroot/index.html to post a "request" :).
HP is aware of the issue and is posting a security bulletin on Sunday night according to the person at HP I spoke with. They are "working on another way of doing this" (remote admin). I know at least one of the HP folks is on this list so I'll let him answer from there if he wants. -- Kent Hamilton Play: KentH () HNS St-Louis MO US NIC Handle: KH91 URL: http://www.icon-stl.net/~khamilto/ Blessed Be.... Work: KHamilton () Hunter COM
Current thread:
- HPUX sam_exec bogus technician (Jul 18)
- <Possible follow-ups>
- Re: HPUX sam_exec Matthew G. Harrigan (Jul 18)
- Re: HPUX sam_exec Kent Hamilton (Jul 19)
- quotas? maybe you're not seeing all of it Brett L. Hawn (Jul 21)
- whoops.. addendum Brett L. Hawn (Jul 21)
- ping Brian Mitchell (Jul 21)
- ping Brian Mitchell (Jul 21)