-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
Originator-Certificate: MIICozCCAgwCAREwDQYJKoZIhvcNAQECBQAwgYYxC
 zAJBgNVBAYTAlVTMSswKQYDVQQKEyJEZWZlbnNlIEluZm9ybWF0aW9uIFN5c3Rlb
 XMgQWdlbmN5MTAwLgYDVQQLEydDZW50ZXIgZm9yIEluZm9ybWF0aW9uIFN5c3Rlb
 XMgU2VjdXJpdHkxGDAWBgNVBAsTD0NvdW50ZXJtZWFzdXJlczAeFw05MzEyMDkxO
 DU5MTZaFw05NTEyMDkxODU5MTZaMIGxMQswCQYDVQQGEwJVUzErMCkGA1UEChMiR
 GVmZW5zZSBJbmZvcm1hdGlvbiBTeXN0ZW1zIEFnZW5jeTEwMC4GA1UECxMnQ2Vud
 GVyIGZvciBJbmZvcm1hdGlvbiBTeXN0ZW1zIFNlY3VyaXR5MRgwFgYDVQQLEw9Db
 3VudGVybWVhc3VyZXMxEzARBgNVBAsTCk9wZXJhdGlvbnMxFDASBgNVBAMTC1Bld
 GUgSGFtbWVzMIGaMAoGBFUIAQECAgQAA4GLADCBhwKBgQDFFJkcaDOuS+6Ai2vmT
 bwY6JRbhdzPsl6X60hnXruOw2WvrAhc8BTFB+id75m3M55i+Th6MxWH20QHyQq5u
 yVghOu/s37OxIrj7irNPjtUdPv8b2m4hNGEW53QH6GmXkxLmgLzOhookpoYPC+uw
 2MzibDnleVI50d2m//XsWs7hwIBAzANBgkqhkiG9w0BAQIFAAOBgQDHH6CmBoyWU
 zPlqVnEWYKIBsifqdTJzkKfnoST7NDRIakUP49FP86Cyy1+2AKpUCWaxjq+wGHCH
 RCNFCCrOwdC9z8XwJal/c69ml6eLRhOoX77ANndpU9E5+eHxP+6Ute6lc63K7+Lz
 5xOULjmgaMmKDkTXveVcQO6R2CTY37vcA==
Issuer-Certificate: MIICNTCCAZ4CASIwDQYJKoZIhvcNAQECBQAwRDELMAkGA
 1UEBhMCVVMxCzAJBgNVBAgTAk1EMSgwJgYDVQQKEx9UcnVzdGVkIEluZm9ybWF0a
 W9uIFN5c3RlbXMgUENBMB4XDTk0MDIyNTE0NDkxMloXDTk0MDMwNzE0NDkxMlowg
 YYxCzAJBgNVBAYTAlVTMSswKQYDVQQKEyJEZWZlbnNlIEluZm9ybWF0aW9uIFN5c
 3RlbXMgQWdlbmN5MTAwLgYDVQQLEydDZW50ZXIgZm9yIEluZm9ybWF0aW9uIFN5c
 3RlbXMgU2VjdXJpdHkxGDAWBgNVBAsTD0NvdW50ZXJtZWFzdXJlczCBmjAKBgRVC
 AEBAgIEAAOBiwAwgYcCgYEA19l6BN7iTGYEU61qJETIjBh3iAeHzoL8sZ5KwFRZD
 S/a1KnYlD1zJHR/KeQCOBWW2HzX43TFLCNGU7UD9i6m8AymLe5IJf/bGh0Rne7Jd
 Q1GAOLw7/J4hE57IMbGETZpzeU1D9IYxiERRNio/oa422lUlS9JZHLA5jaPNcUrX
 P8CAQMwDQYJKoZIhvcNAQECBQADgYEApkliqAdudoOxvOFmQkOZbSgtlpn61VcNC
 R7azDNJa2ulevaebptwSTs2OvMeuR/J0Ez4TC7XrJXLVjI5huRAqc+EWGRpZYRMa
 CARZyE7gGYjUqS7DIQazfskeWiB8zheyW5tCVn+jnB09AZXtgbM6qRjyqrmSdCpg
 CtfgazIKqI=
Issuer-Certificate: MIIB8jCCAVsCAQEwDQYJKoZIhvcNAQECBQAwRDELMAkGA
 1UEBhMCVVMxCzAJBgNVBAgTAk1EMSgwJgYDVQQKEx9UcnVzdGVkIEluZm9ybWF0a
 W9uIFN5c3RlbXMgUENBMB4XDTkzMDUyODE3MTEyN1oXDTk1MDUyODE3MTEyN1owR
 DELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMSgwJgYDVQQKEx9UcnVzdGVkIEluZ
 m9ybWF0aW9uIFN5c3RlbXMgUENBMIGaMAoGBFUIAQECAgQAA4GLADCBhwKBgQDbL
 xaRlS3u54yyRgVDI5dcE9nlasL8fJqOGlyo7xH2FZnr3kUfsFj7OGiYsr6UbvqwK
 nyfMIRUrXDUa64leGmft3SK27psDUHOynRSCc40d/HrDf810U5tnTamBKUIMqivK
 4GoL0tMRA1eX6hALAvLLgK1HbnwZAo6GqQGW8CIJQIBAzANBgkqhkiG9w0BAQIFA
 AOBgQDBp5aC6oV6IuFi8JCctq57bew604HHNllgjjp7zdXafq6jctRg2g91k/yFW
 h19bJC/tNrb0WVwuZOs5L/FToPMNIIHzaW/YSROBmyhTDYaKHZGj0P1+iNjMbHt9
 dm1QEHGIfKgBwFidItnOa74DfkXdijlPRnr/+E2Ib6PM+hEfQ==
MIC-Info: RSA-MD5,RSA,ZlE+dSpT0vY9+W74IpooATT3yxkOP0xcWNw9UwxOhZS
 OzMibDOQgsrhtWxHTDhDazQQ+s9Xz/pFBqf9RDZoww1DkA6YZcsRn5gs+P6vh1dV
 nCPr56eYLj1MzDMxubEkHQ0u1i8EjyZoPNOp7224Ujn7rE339bFOD7i4A0Z3aMDs
 =


<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>  
    
          Automated Systems Security Incident Support Team
                                                _____
             ___   ___  _____   ___  _____     |     /
      /\    /   \ /   \   |    /   \   |       |    / Integritas
     /  \   \___  \___    |    \___    |       |   <      et
    /____\      \     \   |        \   |       |    \ Celeritas
   /      \ \___/ \___/ __|__  \___/   |       |_____\
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>  
    
                       Bulletin  95-04
 
       Release date: 13 February, 1995, 09:15 AM EST (GMT -4)
 
SUBJECT: HP-UX Remote Watch vulnerabilities.

SUMMARY: Security vulnerabilities in HP-UX Remote Watch can be used to
increase access privileges of users.

BACKGROUND: The vulnerability in Remote Watch is contained in the
WATCH-RUN fileset for releases of HP-UX.  

IMPACT: This vulnerability can allow users to increase their access
privileges which may result in system compromise.  All HP 300/400 and 
700/800 series machines running HP-UX 8.x or 9.x which have Remote 
Watch installed are affected. 
 
RECOMMENDED SOLUTION:  Obtain and install the appropriate patch.
HP has an automatic server to allow patches and other security
information to be retrieved over the Internet.  To utilize this 
server, send an e-mail message to support@support.mayfield.hp.com.  
The subject line of the message is ignored and the body (text) of 
the message should contain the words

send XXXX

where XXXX is the identifier for the information you want retrieved.
For example, to retrieve the patch PHSS_4834, the message would be 
"send PHSS_4834".

Other information that can be retrieved include the HP SupportLine
mail service user's guide (send guide.txt), the readme file for a 
patch and the original HP bulletin (send doc HPSBUX9501-020).

HP also has a World Wide Web server to browse and retrieve bulletins
and patches.  To utilize this server, use a WWW client and connect to
http://support.mayfield.hp.com.

IMPORTANT NOTE: Hewlett Packard updates patches periodically.  These
updates are not reflected in the text of each HP bulletin.  The 
overview presented here contains current information on the patches 
available at the time of the release of this CIAC bulletin.  If you 
request an updated patch, when you try to retrieve the patch you will 
receive a message stating that the patch is obsolete and the name of 
the patch which supersedes it.  Hewlett Packard has made sum and MD5 
checksums available for their patches and for their security bulletins.  
See the detailed explanation for HPSBUX9408-016 in ASSIST 94-37 for 
information on how to access and utilize these checksums.

The patch to install to correct the Remote Watch problem depends on
which operating system version and machine series you are currently 
using.  Use the following table to determine which patch to retrieve 
and install:

Operating System        Series  Apply patch

HP-UX 8.x               800     PHSS_5185
HP-UX 9.x               800     PHSS_5136
HP-UX 8.x               700     PHSS_5180
HP-UX 9.x               700     PHSS_5107
HP-UX 8.x               300/400 PHSS_5168
HP-UX 9.x               300/400 PHSS_5120

Obtain necessary patches, and install per the installation
instructions included with the patches.  After the patch is installed, 
be sure to examine /tmp/update.log for any relevant WARNINGs or ERRORs.  
This can be done by typing "tail -60 /tmp/update.log | more", then 
paging through the screens via the space bar, looking for WARNING or 
ERROR messages.

ASSIST would like to thank the DOE CIAC for information contained in
this bulletin.

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

ASSIST is an element of the Defense Information Systems Agency 
(DISA), Center for Information Systems Security (CISS), that 
provides service to the entire DoD community. Constituents 
of the DoD with questions about ASSIST or computer security 
security issues, can contact ASSIST using one of the methods
listed below.  Non-DoD organizations/institutions, contact
the Forum of Incident Response and Security Teams (FIRST)
(FIRST) representative.  To obtain a list of FIRST member
organizations and their constituencies send an email to
docserver@first.org with an empty "subject" line and a message body
containing the line "send first-contacts".

ASSIST Information Resources: To be included in the distribution
list for the ASSIST bulletins, send your Milnet (Internet) e-mail
address to assist-request@assist.mil.  Back issues of ASSIST 
bulletins, and other security related information, are available
from the ASSIST BBS at 703-756-7993/1154 DSN 289-7993/1154,
and through anonymous FTP from assist.mil (IP address
199.211.123.11).  Note: assist.mil will only accept anonymous FTP
connections from Milnet addresses that are registered with the
NIC or DNS.
 
ASSIST Contact Information: 
PHONE: 800-357-4231 (or 703-756-7974 DSN 289), duty hours are 06:00
to 22:30 EDT (GMT -4) Monday through Friday.  During off duty hours, 
weekends and holidays, ASSIST can be reached via pager at 800-791-
4857.  The page will be answered within 30 minutes, however if a 
quicker response is required, prefix the phone number with "999".
ELECTRONIC MAIL: Send to assist@assist.mil. 
ASSIST BBS: Leave a message for the "sysop". 
  
Privacy Enhanced Mail (PEM): ASSIST uses PEM, a public key   
encryption tool, to digitally sign all bulletins that are   
distributed through e-mail.  The section of seemingly random   
characters between the "BEGIN PRIVACY-ENHANCED MESSAGE" and   
"BEGIN ASSIST BULLETIN" contains machine-readable digital   
signature information generated by PEM, not corrupted data.  PEM
software for UNIX systems is available from Trusted Information
Systems (TIS) at no cost, and can be obtained via anonymous FTP
from ftp.tis.com (IP 192.94.214.96).  Note: The TIS software is
just one of several implementations of PEM currently available and
additional versions are likely to be offered from other
sources in the near future. 
  
Reference herein to any specific commercial product, process, or
service by trade name, trademark manufacturer, or otherwise, does
not constitute or imply its endorsement, recommendation, or
favoring by ASSIST.  The views and opinions of authors expressed
herein shall not be used for advertising or product endorsement
purposes. 

-----END PRIVACY-ENHANCED MESSAGE-----