lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200306201856.OAA19809@hpfcme.alf.cpqcorp.net>
Date: Fri, 20 Jun 2003 14:55:58 -0400
From: security-alert@...com
To: bugtraq@...urityfocus.com
Subject: HP-UX pcltotiff


-----BEGIN PGP SIGNED MESSAGE-----

A bugtraq posting on July 9, 2003 mentions a
vulnerability in pcltotiff on HP-UX 10.XX.
This is the subject of the security bulletin
HPSBUX0104-149.  The main points are:

PROBLEM:   /opt/sharedprint/bin/pcltotiff has unsafe permissions.

PLATFORM:  HP9000 Series 700/800 running HP-UX releases 10.01,
           10.10, 10.20, and 10.26.


   A. Background

      /opt/sharedprint/bin/pcltotiff is in group bin with set group
      id permissions.  This is necessary to allow pcltotiff to read
      files in /usr/lib/X11/fonts/ifo.st/typefaces/.

   B. Fixing the problem

      Remove the set group id permissions from pcltotiff and
      allow read access to /usr/lib/X11/fonts/ifo.st/typefaces/.

   C. Recommended solution

      /sbin/chmod 555 /opt/sharedprint/bin/pcltotiff
      /sbin/chmod o+r /usr/lib/X11/fonts/ifo.st/typefaces/

 SOFTWARE SECURITY RESPONSE TEAM (SSRT)
 Hewlett-Packard Company
 HP Services


-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3

iQCVAwUBPvNXpUb+N2sIuD1FAQHQDAP/XFgnk/rDzf7waXFX4e4Z4xVcgvl/kBiQ
5CDQhgaJ4vkphaZjeN0QcRvwjBjLB6aJ22kcS+y5LJ2/AeBrocRJEPiE2xuaVrXs
7vRfBLXYTMEFtOq6NxHtfCljq2Js2f4gjjXRCzn5BxDU8JYJfhyk3xRvKKxv1clB
TjLuX5FcJII=
=pykc
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ