From: Boren, Rich \(SSRT\) (Rich.Boren@hp.com)
Date: Thu Aug 01 2002 - 23:59:41 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SECURITY BULLETIN
TITLE: SSRT2257 HP Tru64 UNIX /usr/bin/su buffer overflow
potential exploit
REVISION: 1
NOTICE: There are no restrictions for distribution of this Bulletin
provided that it remains complete and intact.
RELEASE DATE: 1 August 2002
SEVERITY: 1
SOURCE: Compaq Computer Corporation, a wholly-owned
subsidiary of Hewlett-Packard Company and
Hewlett-Packard Company HP Services
Software Security Response Team
REFERENCE: SSRT2257
PROBLEM SUMMARY
This bulletin will be posted to the support website within 24 hours
of release to - http://thenew.hp.com/country/us/eng/support.html
Use the SEARCH IN feature box, enter SSRT2257 in the search window.
o /usr/bin/su (Severity - High)
SSRT2257 /usr/bin/su buffer overflow potential exploit
The /usr/bin/su command is used by authorized users to change
their user environment. A potential security vulnerability exploit
has been discovered for HP Tru64 UNIX which may allow local
authorized non-privileged users to gain unauthorized (root)
access. At this time we have no knowledge of this exploit
being actively used to compromise customer systems.
While developing this solution it was also reported that
potential buffer overflows exist in:
SSRT2190 /usr/bin/chsh (Severity - Medium)
SSRT2192 /usr/bin/passwd (Severity - Medium)
SSRT2259 /usr/bin/chfn (Severity - Medium)
SSRT2262 /usr/tcb/bin/dxchpwd (Severity - Medium)
The patch kit identified below resolves all problems
identified in the above commands.
This solution also includes integration of the previously
Early Release Patches (ERPs) distributed in the security
bulletin "SSRTM541/SSRT-541 Tru64 UNIX CDE, NFS and NIS
related Potential Security Vulnerabilities" because of
dependencies updates and affect only these versions of
Tru64 UNIX.
Tru64 UNIX 5.0A PK3
Tru64 UNIX 4.0G PK3
Tru64 UNIX 4.0F PK7
The integrated ERP kits identified below can be used by
customers who have and have not installed the ERPs for
SSRTM541/SSRT-541.
VERSIONS IMPACTED
HP Tru64 UNIX V5.1a
HP Tru64 UNIX V5.1
HP Tru64 UNIX V5.0a
HP Tru64 UNIX V4.0g
HP Tru64 UNIX V4.0f
NOT IMPACTED
HP-UX
HP NonStop Servers
RESOLUTION
Early Release Patches (ERPs) are now available for all
supported versions of HP Tru64 UNIX that provide a solution
to this potential vulnerability. The ERP kits use dupatch
to install and will not install over any Customer Specific
Patches (CSPs) which have file intersections with the ERPs.
Contact your normal support channel and request HP Tru64
services elevate a case to Support Engineering if a
CSP must be merged with one of the ERPs. Please review the
README file for each patch prior to installation.
HP Tru64 UNIX 5.1A:
Prerequisite: V5.1A with PK2 (BL2) installed
ERP Kit Name: T64V51AB2-C0041400-14950-ES-20020730.tar
Kit Location: ftp://ftp1.support.compaq.com/public/unix/v5.1a/
HP Tru64 UNIX V5.1A with PK1 (BL1) installed:
update to a minimum of PK2 (BL2) then install
ERP T64V51AB2-C0041400-14950-ES-20020730.tar
HP Tru64 UNIX 5.1:
Prerequisite: V5.1 with PK5 (BL19) installed
ERP Kit Name: T64V51B19-C0136900-14951-ES-20020730.tar
Kit Location: ftp://ftp1.support.compaq.com/public/unix/v5.1/
HP Tru64 UNIX V5.1 with PK4 (BL18) installed:
Update to a minimum of PK5 (BL19) then install
ERP T64V51B19-C0136900-14951-ES-20020730.tar
HP Tru64 UNIX 5.0A:
Prerequisite: V5.0A with PK3 (BL17) installed
ERP Kit Name: T64V50AB17-C0018404-14949-ES-20020730.tar
Kit Location: ftp://ftp1.support.compaq.com/public/unix/v5.0a/
HP Tru64 UNIX 4.0G:
Prerequisite: V4.0G with PK3 (BL17) installed
ERP Kit Name: T64V40GB17-C0010404-14948-ES-20020730.tar
Kit Location: ftp://ftp1.support.compaq.com/public/unix/v4.0g/
HP Tru64 UNIX 4.0F:
Prerequisite: V4.0F with PK7 (BL18) installed
ERP Kit Name: DUV40FB18-C0067403-14947-ES-20020730.tar
Kit Location: ftp://ftp1.support.compaq.com/public/unix/v4.0f/
HP Tru64 UNIX 4.0F PK6 (BL17) installed:
Update to a minimum of PK7 (BL18) then install the
ERP DUV40FB18-C0067403-14947-ES-20020730.tar
Information on how to verify MD5 and SHA1 checksums is
available at:
http://www.support.compaq.com/patches/whats-new.shtml
After completing the update, HP and Compaq strongly recommend
that you perform an immediate backup of the system disk so
that any subsequent restore operations begin with updated
software. Otherwise, the updates must be re-applied after
a future restore operation. Also, if at some future time
the system is upgraded to a later patch release or version
release, reinstall the appropriate ERP.
SUPPORT:
For further information, contact HP Services.
SUBSCRIBE:
To subscribe to automatically receive future
Security Advisories from the Software Security Response
Team via electronic mail:
http://www.support.compaq.com/patches/mailing-list.shtml
REPORT: To report a potential security vulnerability with
any Compaq supported product, send email to:
mailto:Security-alert@hp.com
HP and Compaq appreciate your cooperation and patience.
As always, HP and Compaq urge you to periodically review your
system management and security procedures. HP and Compaq will
continue to review and enhance the security features of its
products and work with our customers to maintain and improve
the security and integrity of their systems.
"HP and Compaq are broadly distributing this Security Bulletin
in order to bring to the attention of users of the affected
Compaq products the important security information contained
in this Bulletin. HP and Compaq recommend that all users
determine the applicability of this information to their
individual situations and take appropriate action. Neither
HP nor Compaq warrant that this information is necessarily
accurate or complete for all user situations and,
consequently, neither HP nor Compaq will be responsible for
any damages resulting from user's use or disregard of the
information provided in this Bulletin."
Copyright 2002 Compaq Information Technologies Group, L.P.
Compaq shall not be liable for technical or editorial errors
or omissions contained herein. The information in this document
is subject to change without notice. Compaq and the names of
Compaq products referenced herein are trademarks of Compaq
Information Technologies Group, L.P. in the United States
and other countries. Other product and company names mentioned
herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
iQA/AwUBPUoDoznTu2ckvbFuEQIH3gCgroymCc/seOxw15gnSkeA23YZOj0Ani8e
GSQ7lnRFLzDPzZN5tIhuH+Q3
=wSwV
-----END PGP SIGNATURE-----
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:48:48 EDT