Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ncar!tank!cps3xx!lees
From: lees@frith.egr.msu.edu (John Lees)
Newsgroups: comp.sys.hp
Subject: Security holes in HP-UX
Keywords: security
Message-ID: <6017@cps3xx.UUCP>
Date: 14 Jan 90 21:50:43 GMT
Sender: usenet@cps3xx.UUCP
Reply-To: lees@frith.egr.msu.edu (John Lees)
Organization: Michigan State University, College of Engineering
Lines: 24

We recently had a break-in on an HP 9000/320 that resulted in the
lawbreaker having two bogus accounts, one of them a root account, from
which s/he then proceeded to attack other machines on the Internet. The
lawbreaker was clearly experienced and left very little evidence.

I believe the break-in probably occurred via ftp (the machine was set up
as an anonymous ftp server) because little else was running on this
machine (no YP, no NFS, no sendmail). We were running HP-UX 6.2 on this
machine.

Are there sources of known security holes in HP-UX (and patches to same)?
Would upgrading this machine to a 6.5 or 7.0 "secure" machine offer me any
hope that the same method could not be used to break in again?

If you have something juicy to tell me you can reach me securely (as
securely as anything these days) via root@frith.egr.msu.edu. I will
summarize responses (discreetly) in a subsequent posting.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  O           John Lees, Manager of Systems    A. H. Case Center for Computer
 OoO          and Network Software Services    Aided Engineering & Manufacturing
 /O           lees@frith.egr.msu.edu           College of Engineering
  |           ...!uunet!frith!lees             236 Engineering Building
 (|)          lees@msuegr.bitnet               Michigan State University
  |   flower  CompuServe 74106,1324            East Lansing, MI 48824-1226 USA
__|__ power   "Violence is the last refuge of the incompetent" - Salvor Hardin