TUCoPS :: HP/UX :: bt451.txt

HP-UX pcltotiff 


-----BEGIN PGP SIGNED MESSAGE-----

A bugtraq posting on July 9, 2003 mentions a
vulnerability in pcltotiff on HP-UX 10.XX.
This is the subject of the security bulletin
HPSBUX0104-149.  The main points are:

PROBLEM:   /opt/sharedprint/bin/pcltotiff has unsafe permissions.

PLATFORM:  HP9000 Series 700/800 running HP-UX releases 10.01,
           10.10, 10.20, and 10.26.


   A. Background

      /opt/sharedprint/bin/pcltotiff is in group bin with set group
      id permissions.  This is necessary to allow pcltotiff to read
      files in /usr/lib/X11/fonts/ifo.st/typefaces/.

   B. Fixing the problem

      Remove the set group id permissions from pcltotiff and
      allow read access to /usr/lib/X11/fonts/ifo.st/typefaces/.

   C. Recommended solution

      /sbin/chmod 555 /opt/sharedprint/bin/pcltotiff
      /sbin/chmod o+r /usr/lib/X11/fonts/ifo.st/typefaces/

 SOFTWARE SECURITY RESPONSE TEAM (SSRT)
 Hewlett-Packard Company
 HP Services


-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3

iQCVAwUBPvNXpUb+N2sIuD1FAQHQDAP/XFgnk/rDzf7waXFX4e4Z4xVcgvl/kBiQ
5CDQhgaJ4vkphaZjeN0QcRvwjBjLB6aJ22kcS+y5LJ2/AeBrocRJEPiE2xuaVrXs
7vRfBLXYTMEFtOq6NxHtfCljq2Js2f4gjjXRCzn5BxDU8JYJfhyk3xRvKKxv1clB
TjLuX5FcJII=
=pykc
-----END PGP SIGNATURE-----

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH