Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!usc!brutus.cs.uiuc.edu!apple!motcsd!hpda!hpcuhb!hp-ses!hpbbn!hpbbse!markl
From: markl@hpbbse.bbn.hp.com (Mark Lufkin)
Newsgroups: comp.sys.hp
Subject: Re: Security holes in HP-UX
Message-ID: <28670001@hpbbse.bbn.hp.com>
Date: 16 Jan 90 19:14:45 GMT
References: <6017@cps3xx.UUCP>
Organization: HP Boeblingen, Germany
Lines: 47

> We recently had a break-in on an HP 9000/320 that resulted in the lawbreaker
> having two bogus accounts, one of them a root account, from which s/he then
> proceeded to attack other machines on the Internet.
> 
> The lawbreaker was clearly experienced and left very little evidence. I
> believe the break-in probably occurred via ftp (the machine was set up as
> an anonymous ftp server) because little else was running on this machine
> (no YP, no NFS, no sendmail). We were running HP-UX 6.2 on this machine.
> 
> Are there sources of known security holes in HP-UX (and patches to same)?

	There are no list of security holes in HPUX (such things do not
	exist ... security holes, I mean :-) Anyway, what I would
	recommend here is that you remove . from your root PATH variable
	(if you have it in) as this a known "feature".

> Would upgrading this machine to a 6.5 or 7.0 "secure" machine offer me any

	Upgrading the system is not recommended. The recommended
	procedure is to install (you then have a completely new system
	with the correct permissions). The system should then be
	converted to a trusted system. The sys admin manuals have
	details of what to do. This is the recommended procedure.

> hope that the same method could not be used to break in again?

	Still remove . from the path. Upgrade won't help.
> 
> If you have something juicy to tell me you can reach me securely (as
> securely as anything these days) via root@frith.egr.msu.edu. I will
> summarize responses (discreetly) in a subsequent posting.

	I do know this really nice ... BOOK called:

	UNIX system security
	Wood and Kochan
	Hayden Books
	ISBN 0-8104-6267-2

tschuess,
Mark.

Mark Lufkin, CPS-EMC Boeblingen, West Germany

HP-UX mail:	markl@hpbbn, markl@hpbbse 	Hewlett-Packard GmbH
HPDESK:		HPB600/51			Herrenberger Str. 130
Phone:		0-7031-14-3633       		D-7030 Boeblingen