Message-ID: <200306201856.OAA19809@hpfcme.alf.cpqcorp.net>
Date: Fri, 20 Jun 2003 14:55:58 -0400
From: security-alert@...com
To: bugtraq@...urityfocus.com
Subject: HP-UX pcltotiff
A bugtraq posting on July 9, 2003 mentions a
vulnerability in pcltotiff on HP-UX 10.XX.
This is the subject of the security bulletin
HPSBUX0104-149. The main points are:

PROBLEM:  /opt/sharedprint/bin/pcltotiff has unsafe permissions.

PLATFORM: HP9000 Series 700/800 running HP-UX releases 10.01,
          10.10, 10.20, and 10.26.

A. Background

   /opt/sharedprint/bin/pcltotiff is in group bin with set group
   id permissions. This is necessary to allow pcltotiff to read
   files in /usr/lib/X11/fonts/ifo.st/typefaces/.

B. Fixing the problem

   Remove the set group id permissions from pcltotiff and
   allow read access to /usr/lib/X11/fonts/ifo.st/typefaces/.

C. Recommended solution

   /sbin/chmod 555 /opt/sharedprint/bin/pcltotiff
   /sbin/chmod o+r /usr/lib/X11/fonts/ifo.st/typefaces/

SOFTWARE SECURITY RESPONSE TEAM (SSRT)
Hewlett-Packard Company
HP Services
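To confirm that a host already has the two chmod steps from the bulletin applied, a permission audit can be scripted. This is an added example, not part of HP's bulletin; the function names and the PCL_BIN and FONT_DIR override variables are assumptions made for illustration, and the default paths are the ones the advisory names.

```sh
#!/bin/sh
# Added example: audit a host against the advisory's two chmod steps.
# Default paths are the ones named in the advisory; PCL_BIN and FONT_DIR
# are hypothetical override variables so the checks can run on test files.
PCL_BIN=${PCL_BIN:-/opt/sharedprint/bin/pcltotiff}
FONT_DIR=${FONT_DIR:-/usr/lib/X11/fonts/ifo.st/typefaces/}

# Print the 10-character mode field (e.g. -r-xr-sr-x) for a path.
perm_string() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# Succeed if the set-group-id bit is set on the path.
has_setgid() {
    [ -g "$1" ]
}

# Succeed if the "other" read bit is set. The mode string is inspected
# instead of using [ -r ], which would only describe the calling user.
other_can_read() {
    case "$(perm_string "$1")" in
        ???????r??) return 0 ;;
        *) return 1 ;;
    esac
}

# Print findings for BIN ($1) and DIR ($2); return the number of findings.
audit_pcltotiff() {
    findings=0
    if [ ! -e "$1" ]; then
        echo "SKIP: $1 is not installed"
        return 0
    fi
    if has_setgid "$1"; then
        echo "FAIL: $1 is set-group-id ($(perm_string "$1"))"
        findings=$((findings + 1))
    fi
    if [ -d "$2" ] && ! other_can_read "$2"; then
        echo "FAIL: $2 is not readable by others ($(perm_string "$2"))"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ] && echo "OK: advisory permissions are in place"
    return "$findings"
}

audit_pcltotiff "$PCL_BIN" "$FONT_DIR"
```

The exit status is the number of findings, so the script can gate a scheduled compliance check.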