TUCoPS :: HP/UX :: igniteux.htm

HP-UX 11.xx Ignite-UX /etc/passwd bug 
Vulnerability

    Ignite-UX

Affected

    HP-9000 Series700/800 running release HP-UX 11.X only

Description

    Following is  based on  HP Support  Information Digests.   Trusted
    systems  may  have   vulnerabilities  if  a   password  field   in
    /etc/passwd is blank.

    Each password  field in  /etc/passwd should  be "*"  in a  trusted
    system.   This is  normally handled  automatically.   One way  for
    the password  field to  be set  to a  blank is  to create a system
    image of a trusted system with Ignite-UX and not save /etc/passwd.
    By default Ignite-UX omits /etc/passwd.

Solution

    In a trusted system if the system or the /etc/passwd file has been
    restored, verify that the password fields in /etc/passwd are  "*".
    If  Ignite-UX  is  used  to  create  an image of a trusted system,
    _override_the_default_ so that /etc/passwd is saved in the  image.
    See man(1M) make_sys_image and note the -f file option.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH