-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===============================================================================
>> CERT-NL, 01-Mar-2000                                                      <<
>> All CERT-NL information has been moved to http://cert.surfnet.nl. Links   <<
>> to CERT-NL information contained in this advisory are therefore outdated. <<
>>                                                                           <<
>> CERT-NL also has stopped the CERT-CC-Mirror service. Due to this the      <<
>> links to the CERT-CC mirror are obsolete. Visit the CERT-CC site for the  <<
>> complete CERT-CC advisory texts: http://www.cert.org                      <<
===============================================================================
===============================================================================
Security Advisory                                                       CERT-NL
===============================================================================
Author/Source : Teun Nijssen                        Index  : S-00-01
Distribution  : World                               Page   : 1
Classification: External                            Version: 1
Subject       : HP Aserver                          Date   : 01-Jan-2000
===============================================================================

By courtesy of HEWLETT-PACKARD COMPANY we received information on a
vulnerability in /opt/audio/bin/Aserver

CERT-NL recommends disabling the audio server and starting the year, the
century and the millennium silently after all those fireworks.

-------------------------------------------------------------------------
   HEWLETT-PACKARD COMPANY SECURITY ADVISORY: #00108, 01 Jan 2000
-------------------------------------------------------------------------

PROBLEM:  /opt/audio/bin/Aserver can be used to gain root access.

PLATFORM: HP9000 Series 7/800 running HP-UX releases 10.X and 11.X

DAMAGE:   Root access is possible.

SOLUTION: Until patches are available disable the Aserver (see below).

AVAILABILITY: This advisory will be updated when patches are available.

-------------------------------------------------------------------------
I.
   A. Background

      A procedure to use /opt/audio/bin/Aserver to gain root access
      has been made public.

   B. Recommended solution

      Until a patch is available, the only two temporary fixes currently
      available are to disable /opt/audio/bin/Aserver by removing the
      file, or to remove execute permissions as follows.

      As root remove functionality with:

         chmod 400 /opt/audio/bin/Aserver

      As an alternative, if it is absolutely necessary to run the
      Aserver, it can be run, but the system will be vulnerable while
      the Aserver is starting.

      Again as root:

         chmod 6555 /opt/audio/bin/Aserver
           [***Warning - /opt/audio/bin/Aserver is now vulnerable.***]
         /opt/audio/bin/Aserver -f
           [Wait for the parent and child processes to start.]
         chmod 400 /opt/audio/bin/Aserver
           [/opt/audio/bin/Aserver is now safe.]

===============================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet
is the Dutch network for educational, research and related institutes. CERT-NL
is a member of the Forum of Incident Response and Security Teams (FIRST).

All CERT-NL material is available under:
        http://cert.surfnet.nl/

In case of computer or network security problems please contact your local
CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer
please address the appropriate (local) CERT/security-team).

CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).

Email:     cert-nl@surfnet.nl          ATTENDED REGULARLY ALL DAYS
Phone:     +31 302 305 305             BUSINESS HOURS ONLY
Fax:       +31 302 305 329             BUSINESS HOURS ONLY
Snailmail: SURFnet bv
           Attn. CERT-NL
           P.O. Box 19035
           NL - 3501 DA  UTRECHT
           The Netherlands

EMERGENCIES : 06 22 92 35 64           ALWAYS REACHABLE
EMERGENCIES : +31 6 22 92 35 64        ATTENDED AT ALL TIMES

CERT-NL'S EMERGENCY PHONE NUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED*
PROCEDURE FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT
TO CERT-NL IN AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU.
===============================================================================

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i

iQA/AwUBOMTOXTSYjBqwfc9jEQIlygCfRpY6y8kRd8TuLMk4Mg+UcA2OR/QAoKu2
2B1uZ+lvAnzwxAHknwyPpZaL
=IfHF
-----END PGP SIGNATURE-----
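
A check for the file states the recommended solution moves the binary between, as an added example that is not part of the HP or CERT-NL advisory: it classifies /opt/audio/bin/Aserver from its `ls -ld` mode string so the temporary fix can be verified after it is applied. Only the path and the modes 400 and 6555 come from the advisory; the function name, the ASERVER variable and the state names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the advisory: classify the on-disk state of the
# Aserver binary from its `ls -ld` mode string.
# Path and modes 400 / 6555 come from the advisory; the function name,
# the ASERVER variable and the state names are assumptions of this example.
ASERVER=${ASERVER:-/opt/audio/bin/Aserver}

# Prints one of:
#   absent      file removed (first temporary fix)
#   disabled    no execute bit anywhere, e.g. mode 400 (second temporary fix)
#   vulnerable  executable with setuid and/or setgid set, e.g. mode 6555
#   executable  executable without setuid/setgid (not classified by the advisory)
aserver_state() {
    f=${1:-$ASERVER}
    [ -e "$f" ] || { echo absent; return 0; }

    # First 10 characters of the first ls field, e.g. "-r-sr-sr-x".
    mode=$(ls -ld "$f" | awk '{ print substr($1, 1, 10) }')
    owner=$(printf '%s' "$mode" | cut -c4)    # x, s, S or -
    group=$(printf '%s' "$mode" | cut -c7)    # x, s, S or -
    other=$(printf '%s' "$mode" | cut -c10)   # x, t, T or -

    # Lowercase x/s/t mean the execute bit is set in that position.
    case "$owner$group$other" in
        *[xst]*) ;;
        *) echo disabled; return 0 ;;
    esac

    # s or S in the owner/group position means setuid/setgid is set.
    case "$owner$group" in
        *[sS]*) echo vulnerable ;;
        *)      echo executable ;;
    esac
}

# Report the state of the path named in the advisory (or $ASERVER).
echo "$ASERVER: $(aserver_state "$ASERVER")"
```

Run from cron or a configuration-management check, a result of `vulnerable` outside the short start-up window described above means the final `chmod 400` step was skipped or undone.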