
Security Vulnerability in HP GlancePlus
HPSBUX9405-011
Published: 1994-05-04 00:00:00
Updated: 1994-05-04 00:00:00


-----------------------------------------------------------------------
      HEWLETT-PACKARD SECURITY BULLETIN: #00011, 04 May 94
-----------------------------------------------------------------------

_______________________________________________________________________
PROBLEM:  Security vulnerability in product executables for HP GlancePlus
          product revision B.09.00 and all earlier revisions, on all
          releases of HP-UX.
PLATFORM: HP 9000 series 300/400s and 700/800s.
DAMAGE:   A vulnerability exists in the GlancePlus product which allows
          non-root users who can execute glance or gpm to gain root
          privileges.
SOLUTION: Obtain and apply fix as outlined below.  For HP-UX 9.X a new
          version of Glance is available in the April 1994 Application
          release which addresses the problem.  All customers on support
          should already have access to the fixed release.
AVAILABILITY: The fix is currently available.
_______________________________________________________________________

I. Glance Update

   A. Problem

   A vulnerability exists in the /usr/perf/bin programs Glance and gpm
   revisions prior to and including B.09.00 (for series 700/800 systems),
   and in the /usr/perf/bin/glance program revision prior to and including
   A.09.06 (for series 300/400 systems).  The vulnerability allows non-
   root users to gain access to files regardless of ownership and
   permissions.  This could be exploited to gain root-level access.

   B. Fixing the problem

   The problem can be eliminated by installing the latest release of the
   product, which contains a version of glance and gpm revision B.09.01
   or greater (for series 700/800 systems) or glance revision A.09.07 or
   greater (for series 300/400 systems).  The GlancePlus version can be
   determined on 9.X systems using the command "what /usr/perf/bin/glance".

   PLATFORM  OS        GLANCE ver.         Action
   --------  --------  -----------         ---------------
   300/400   HPUX 8.X  all                 No patch currently available
             HPUX 9.X  A.09.06 or earlier  Update to GlancePlus A.09.07
             HPUX 9.X  A.09.07             None
   700/800   HPUX 8.X  all                 No patch currently available
             HPUX 9.X  A.X or B.09.00      Update to GlancePlus B.09.01
             HPUX 9.X  B.09.01             None

   There is currently no fix available for glance on HP-UX 8.X.  Users on
   8.X releases are advised to use the workaround below.

   The GlancePlus product for HP-UX 9.X has been released on the HP-UX
   Application Software Release CD for April 1994.  All customers with
   software support for HP GlancePlus should have access to the latest
   GlancePlus release media containing the fix.  If for some reason you
   do not have access to the latest media, contact your HP Response
   Center.

   Hewlett-Packard recommends that all GlancePlus customers concerned
   with the security of their HP-UX systems update from the April release
   media as soon as possible.

   As a workaround until the update can be applied, you may execute the
   following commands as the root user in order to restrict access to
   the product to only the root user:

     chmod 744 /usr/perf/bin/glance
     chmod 744 /usr/perf/bin/gpm

   NOTE: The gpm program file will only exist on your system if you
         have installed revision B.09.00 or later of the GlancePlus
         product.

   NOTE: On 8.X systems, the glance executable is /usr/bin/rxux/glance.
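
   To confirm the workaround is in place, the following check reports
   whether group or other users can still execute the binaries at the
   paths named above. It is an added example, not part of HP's bulletin;
   the function names are hypothetical and mode bits are read from ls output.

```shell
#!/bin/sh
# Added example: verify the bulletin's "chmod 744" workaround.
# Paths are the ones named in the bulletin; function names are hypothetical.

GLANCE_PATHS="/usr/perf/bin/glance /usr/perf/bin/gpm /usr/bin/rxux/glance"

# Return 0 if neither group nor other can execute FILE (workaround applied),
#        1 if group or other still has an execute bit,
#        2 if FILE does not exist (e.g. gpm before B.09.00, or the 8.X path).
glance_workaround_status() {
    [ -f "$1" ] || return 2
    # -L follows symlinks so the mode of the real binary is inspected.
    _mode=$(ls -ldL "$1" | cut -c1-10)
    _grp=$(printf '%s' "$_mode" | cut -c7)
    _oth=$(printf '%s' "$_mode" | cut -c10)
    # 's' / 't' mean setgid / sticky combined with the execute bit.
    case "$_grp" in x|s) return 1 ;; esac
    case "$_oth" in x|t) return 1 ;; esac
    return 0
}

# Print one line per path; return 1 if any binary is still exposed, else 0.
glance_workaround_report() {
    _exposed=0
    for _f in "$@"; do
        _st=0
        glance_workaround_status "$_f" || _st=$?
        case "$_st" in
            0) echo "OK       $_f (no group/other execute)" ;;
            1) echo "EXPOSED  $_f (run as root: chmod 744 $_f)"; _exposed=1 ;;
            2) echo "ABSENT   $_f" ;;
        esac
    done
    return "$_exposed"
}

# Check the bulletin's paths; "|| true" keeps a calling script from aborting.
glance_workaround_report $GLANCE_PATHS || true
```

   The check covers mode bits only; confirm separately that the files are
   owned by root, since mode 744 leaves execute permission with the owner.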

-----------------------------------------------------------------------
To subscribe to automatically receive NEW future HP Security Bulletins
from the HP SupportLine mail service via electronic mail, send the
following in the TEXT PORTION OF THE MESSAGE to
support@support.mayfield.hp.com (no Subject is required):

   subscribe security_info

To retrieve the index of all HP Security Bulletins, send the following:

   send security_info_list

To obtain a copy of the HP SupportLine mail service user's guide,
send the following:

   send guide.txt


For security concerns, write to:

        security-alert@hp.com

_______________________________________________________________________







 
