Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!spool.mu.edu!uunet!pmafire!mica.inel.gov!sapphire!alex From: alex@sapphire.idbsu.edu (Alex Feldman) Newsgroups: comp.sys.hp Subject: Re: Security hole in HP-UX Keywords: security HP-UX login Message-ID: <1991Feb21.160619.11663@sapphire.idbsu.edu> Date: 21 Feb 91 16:06:19 GMT References: <1581@gufalet.let.rug.nl> Organization: Boise State University Lines: 28 In article <1581@gufalet.let.rug.nl> ton@let.rug.nl (Ton Roovers) writes: > >Some months ago I converted our HP-UX 7.0 systems to 'secure systems'. >Only last week one of 'my' users discovered (by pure accident), that >by making a mistake in entering his username (in login) he was logged >in as ROOT! (I think it is not wise to state the exact procedure here). > [stuff deleted] > >You could have this problem too, if you are running HP-UX 6.5 (on 300's) >or 7.0 (on 300's and 800's) with the original login AND you converted >to 'secure system'. Please contact your CRC, not me: I'm still busy >checking if someone in the last months actually USED this hole in my >systems :-( > It happened to us on 7.03. They were pretty quick about getting us a tape with the fix. Sure can ruin your day, though. What happens to people who don't have software support?? -- --alex alex@opal.idbsu.edu Boise State University doesn't have any opinions. Therefore, these are not the opinions of Boise State University. Brought to you by Super Global Mega Corp .com