Security Advisory

CERT-NL
Author/Source  : Teun Nijssen    Index   : S-00-01
Distribution   : World           Page    : 1
Classification : External        Version : 1
Subject        : HP Aserver      Date    : 01-Jan-2000

By courtesy of HEWLETT-PACKARD COMPANY we received information on a vulnerability in /opt/audio/bin/Aserver. CERT-NL recommends disabling the audio server and starting the year, the century and the millennium silently after all that firework.


HEWLETT-PACKARD COMPANY SECURITY ADVISORY: #00108, 01 Jan 2000


PROBLEM: /opt/audio/bin/Aserver can be used to gain root access.

PLATFORM: HP9000 Series 7/800 running HP-UX releases 10.X and 11.X

DAMAGE: Root access is possible.

SOLUTION: Until patches are available disable the Aserver (see below).

AVAILABILITY: This advisory will be updated when patches are available.


I.

  1. Background
    A procedure to use /opt/audio/bin/Aserver to gain root access has been made public.
  2. Recommended solution
    Until a patch is available, the only two temporary fixes currently available are to disable /opt/audio/bin/Aserver by removing the file, or to remove execute permissions as follows.

    As root remove functionality with:

          chmod 400 /opt/audio/bin/Aserver

    As an alternative, if it is absolutely necessary to run the Aserver, it can be run - yet the system will be vulnerable while the Aserver is starting.
    Again as root:

          chmod 6555 /opt/audio/bin/Aserver

    [***Warning - /opt/audio/bin/Aserver is now vulnerable.***]

          /opt/audio/bin/Aserver -f

    [Wait for the parent and child processes to start.]

          chmod 400 /opt/audio/bin/Aserver

    [/opt/audio/bin/Aserver is now safe.]
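
A way to verify which state the workaround above has left the binary in. This is an example added here, not part of the HP or CERT-NL advisory; the function name aserver_state and its status words are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify the mitigation state of the Aserver binary.
# The default path comes from the advisory; the function name and the
# status words it prints are assumptions made for this example.
ASERVER=${ASERVER:-/opt/audio/bin/Aserver}

# Prints one of: absent | disabled | exposed-setid | exposed-exec
# Returns 0 when a temporary fix is in place, 1 when the file can be run.
aserver_state() {
    f=${1:-$ASERVER}

    # Removing the file is the first temporary fix the advisory lists.
    [ -e "$f" ] || { echo absent; return 0; }

    # Parse the mode string from ls (e.g. "-r-sr-sr-x") so the check
    # does not depend on a stat(1) command being installed.
    mode=$(ls -ld "$f" | cut -c1-10)
    u=$(echo "$mode" | cut -c4)    # owner execute slot: x, s, S or -
    g=$(echo "$mode" | cut -c7)    # group execute slot
    o=$(echo "$mode" | cut -c10)   # other execute slot

    # Set-uid or set-gid still present: the state after "chmod 6555".
    case "$u$g" in
        *[sS]*) echo exposed-setid; return 1 ;;
    esac

    # No set-id bits, but some class can still execute the file.
    case "$u$g$o" in
        *[xt]*) echo exposed-exec; return 1 ;;
    esac

    # No execute and no set-id bits: the state after "chmod 400".
    echo disabled
    return 0
}
```

Called with no argument, aserver_state checks the advisory's path; a non-zero return means the file is still executable and the final chmod 400 has not been applied.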


CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet is the Dutch network for educational, research and related institutes. CERT-NL is a member of the Forum of Incident Response and Security Teams (FIRST).

All CERT-NL material is available under:
   http://cert.surfnet.nl/

In case of computer or network security problems please contact your local CERT/security-team or CERT-NL  (if your institute is NOT a SURFnet customer please address the appropriate (local) CERT/security-team).

CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).

Email: cert-nl@surfnet.nl ATTENDED REGULARLY ALL DAYS
Phone: +31 302 305 305 BUSINESS HOURS ONLY
Fax: +31 302 305 329 BUSINESS HOURS ONLY
Snailmail: SURFnet bv
Attn. CERT-NL
P.O. Box 19035
NL - 3501 DA  UTRECHT
The Netherlands

EMERGENCIES (NL): 06 22 92 35 64     ATTENDED AT ALL TIMES
EMERGENCIES : +31 6 22 92 35 64      ATTENDED AT ALL TIMES
CERT-NL'S EMERGENCY PHONE NUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED* PROCEDURE FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT TO CERT-NL IN AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU.


Copyright SURFnet 1999