OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Boren, Rich (SSRT) (Rich.Boren_at_hp.com)
Date: Thu Aug 01 2002 - 22:28:46 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

     
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    SECURITY BULLETIN

    TITLE: SSRT2257 HP Tru64 UNIX /usr/bin/su buffer overflow
           potential exploit

    REVISION: 1

    NOTICE: There are no restrictions for distribution of this Bulletin
    provided that it remains complete and intact.
     
    RELEASE DATE: 1 August 2002

    SEVERITY: 1

    SOURCE: Compaq Computer Corporation, a wholly-owned
             subsidiary of Hewlett-Packard Company and
             Hewlett-Packard Company HP Services
             Software Security Response Team

    REFERENCE: SSRT2257

    PROBLEM SUMMARY

    This bulletin will be posted to the support website within 24 hours
    of release to - http://thenew.hp.com/country/us/eng/support.html
    Use the SEARCH IN feature box, enter SSRT2257 in the search window.

      o /usr/bin/su (Severity - High)

         SSRT2257 /usr/bin/su buffer overflow potential exploit

    The /usr/bin/su command is used by authorized users to change
    their user environment. A potential security vulnerability exploit
    has been discovered for HP Tru64 UNIX which may allow local
    authorized non-privileged users to gain unauthorized (root)
    access. At this time we have no knowledge of this exploit
    being actively used to compromise customer systems.

    While developing this solution it was also reported that
    potential buffer overflows exist in:

      SSRT2190 /usr/bin/chsh (Severity - Medium)

      SSRT2192 /usr/bin/passwd (Severity - Medium)

      SSRT2259 /usr/bin/chfn (Severity - Medium)

      SSRT2262 /usr/tcb/bin/dxchpwd (Severity - Medium)

    The patch kit identified below resolves all problems
    identified in the above commands.

    This solution also includes integration of the previously
    Early Release Patches (ERPs) distributed in the security
    bulletin "SSRTM541/SSRT-541 Tru64 UNIX CDE, NFS and NIS
    related Potential Security Vulnerabilities" because of
    dependencies updates and affect only these versions of
    Tru64 UNIX.

       Tru64 UNIX 5.0A PK3

       Tru64 UNIX 4.0G PK3

       Tru64 UNIX 4.0F PK7

    The integrated ERP kits identified below can be used by
    customers who have and have not installed the ERPs for
    SSRTM541/SSRT-541.
     

    VERSIONS IMPACTED

      HP Tru64 UNIX V5.1a

      HP Tru64 UNIX V5.1

      HP Tru64 UNIX V5.0a

      HP Tru64 UNIX V4.0g

      HP Tru64 UNIX V4.0f

    NOT IMPACTED

      HP-UX

      HP NonStop Servers

     
    RESOLUTION

    Early Release Patches (ERPs) are now available for all
    supported versions of HP Tru64 UNIX that provide a solution
    to this potential vulnerability. The ERP kits use dupatch
    to install and will not install over any Customer Specific
    Patches (CSPs) which have file intersections with the ERPs.
    Contact your normal support channel and request HP Tru64
    services elevate a case to Support Engineering if a
    CSP must be merged with one of the ERPs. Please review the
    README file for each patch prior to installation.

    HP Tru64 UNIX 5.1A:
    Prerequisite: V5.1A with PK2 (BL2) installed
    ERP Kit Name: T64V51AB2-C0041400-14950-ES-20020730.tar
    Kit Location: ftp://ftp1.support.compaq.com/public/unix/v5.1a/

    HP Tru64 UNIX V5.1A with PK1 (BL1) installed:
    update to a minimum of PK2 (BL2) then install
    ERP T64V51AB2-C0041400-14950-ES-20020730.tar

    HP Tru64 UNIX 5.1:
    Prerequisite: V5.1 with PK5 (BL19) installed
    ERP Kit Name: T64V51B19-C0136900-14951-ES-20020730.tar
    Kit Location: ftp://ftp1.support.compaq.com/public/unix/v5.1/

    HP Tru64 UNIX V5.1 with PK4 (BL18) installed:
    Update to a minimum of PK5 (BL19) then install
    ERP T64V51B19-C0136900-14951-ES-20020730.tar

    HP Tru64 UNIX 5.0A:
    Prerequisite: V5.0A with PK3 (BL17) installed
    ERP Kit Name: T64V50AB17-C0018404-14949-ES-20020730.tar
    Kit Location: ftp://ftp1.support.compaq.com/public/unix/v5.0a/

    HP Tru64 UNIX 4.0G:
    Prerequisite: V4.0G with PK3 (BL17) installed
    ERP Kit Name: T64V40GB17-C0010404-14948-ES-20020730.tar
    Kit Location: ftp://ftp1.support.compaq.com/public/unix/v4.0g/

    HP Tru64 UNIX 4.0F:
    Prerequisite: V4.0F with PK7 (BL18) installed
    ERP Kit Name: DUV40FB18-C0067403-14947-ES-20020730.tar
    Kit Location: ftp://ftp1.support.compaq.com/public/unix/v4.0f/

    HP Tru64 UNIX 4.0F PK6 (BL17) installed:
    Update to a minimum of PK7 (BL18) then install the
    ERP DUV40FB18-C0067403-14947-ES-20020730.tar

    Information on how to verify MD5 and SHA1 checksums is
    available at:
    http://www.support.compaq.com/patches/whats-new.shtml

    After completing the update, HP and Compaq strongly recommend
    that you perform an immediate backup of the system disk so
    that any subsequent restore operations begin with updated
    software. Otherwise, the updates must be re-applied after
    a future restore operation. Also, if at some future time
    the system is upgraded to a later patch release or version
    release, reinstall the appropriate ERP.
     

    SUPPORT:

    For further information, contact HP Services.
     
    SUBSCRIBE:

    To subscribe to automatically receive future
    Security Advisories from the Software Security Response
    Team via electronic mail:
    http://www.support.compaq.com/patches/mailing-list.shtml
     
    REPORT: To report a potential security vulnerability with
    any Compaq supported product, send email to:
    mailto:Security-alerthp.com
     
    HP and Compaq appreciate your cooperation and patience.
    As always, HP and Compaq urge you to periodically review your
    system management and security procedures. HP and Compaq will
    continue to review and enhance the security features of its
    products and work with our customers to maintain and improve
    the security and integrity of their systems.
     
    "HP and Compaq are broadly distributing this Security Bulletin
    in order to bring to the attention of users of the affected
    Compaq products the important security information contained
    in this Bulletin. HP and Compaq recommend that all users
    determine the applicability of this information to their
    individual situations and take appropriate action. Neither
    HP nor Compaq warrant that this information is necessarily
    accurate or complete for all user situations and,
    consequently, neither HP nor Compaq will be responsible for
    any damages resulting from user's use or disregard of the
    information provided in this Bulletin."
     

    Copyright 2002 Compaq Information Technologies Group, L.P.
    Compaq shall not be liable for technical or editorial errors
    or omissions contained herein. The information in this document
    is subject to change without notice. Compaq and the names of
    Compaq products referenced herein are trademarks of Compaq
    Information Technologies Group, L.P. in the United States
    and other countries. Other product and company names mentioned
    herein may be trademarks of their respective owners.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0.4

    iQA+AwUBPUn8ZTnTu2ckvbFuEQJKFgCVHEIs9IoTKN23W6eTvlVQuyoHfQCfVSv6
    gYv7DRe10MezDYZDc5VMVG0=
    =YcRu
    -----END PGP SIGNATURE----- 

    ---