COMMAND

    /usr/contrib/bin/nettune

SYSTEMS AFFECTED

    HP-UX

PROBLEM

    As shipped, the HP-UX program /usr/contrib/bin/nettune is SETUID
    root.

    When SETUID root, nettune allows reconfiguration of ICMP, IP,
    and TCP kernel parameters by ANY user. The vulnerability can
    result in a denial of service.

    nettune can reset any of the following parameters:

    % nettune -l
    arp_killcomplete = 1200 default = 1200 min = 60 max = 3600 units = seconds
    arp_killincomplete = 600 default = 600 min = 30 max = 3600 units = seconds
    arp_unicast = 300 default = 300 min = 60 max = 3600 units = seconds
    arp_rebroadcast = 60 default = 60 min = 30 max = 3600 units = seconds
    icmp_mask_agent = 0 default = 0 min = 0 max = 1
    ip_defaultttl = 255 default = 255 min = 0 max = 255 units = hops
    ip_forwarding = 0 default = 1 min = 0 max = 1
    ip_intrqmax = 50 default = 50 min = 10 max = 1000 units = entries
    pmtu_defaulttime = 20 default = 20 min = 10 max = 32768
    tcp_localsubnets = 1 default = 1 min = 0 max = 1
    tcp_receive = 32768 default = 32768 min = 256 max = 262144 units = bytes
    tcp_send = 32768 default = 32768 min = 256 max = 262144 units = bytes
    tcp_defaultttl = 64 default = 64 min = 0 max = 255 units = hops
    tcp_keepstart = 7200 default = 7200 min = 5 max = 12000 units = seconds
    tcp_keepfreq = 75 default = 75 min = 5 max = 2000 units = seconds
    tcp_keepstop = 600 default = 600 min = 10 max = 4000 units = seconds
    tcp_maxretrans = 12 default = 12 min = 4 max = 12
    tcp_urgent_data_ptr = 0 default = 0 min = 0 max = 1
    udp_cksum = 1 default = 1 min = 0 max = 1
    udp_defaultttl = 64 default = 64 min = 0 max = 255 units = hops
    udp_newbcastenable = 1 default = 1 min = 0 max = 1
    udp_pmtu = 0 default = 0 min = 0 max = 1
    tcp_pmtu = 1 default = 1 min = 0 max = 1
    tcp_random_seq = 0 default = 0 min = 0 max = 2
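
    An audit helper for the condition described above, added here as an
    example and not part of the original advisory: it checks the binary for
    the set-user-ID bit and reports every parameter in `nettune -l` output
    whose current value differs from its default. The function names and the
    sample data are assumptions; the sample reuses three lines from the
    listing above plus one constructed line.

```shell
#!/bin/sh
# Added example (not from the advisory): audit the nettune binary and its settings.
NETTUNE=/usr/contrib/bin/nettune    # path named in the advisory

# True when the file carries the set-user-ID bit.
is_setuid() { [ -u "$1" ]; }

# Reads `nettune -l` lines on stdin and prints every parameter whose current
# value differs from its default. Returns 1 when at least one differs.
nettune_drift() {
    awk '
    $2 == "=" && $4 == "default" && $5 == "=" {
        lo = hi = unit = ""
        for (i = 7; i + 2 <= NF; i += 3) {      # trailing "key = value" triples
            if ($i == "min")   lo = $(i + 2)
            if ($i == "max")   hi = $(i + 2)
            if ($i == "units") unit = " " $(i + 2)
        }
        if ($3 + 0 != $6 + 0) {
            printf "%s: current=%s default=%s range=%s..%s%s\n", $1, $3, $6, lo, hi, unit
            drift = 1
        }
    }
    END { exit drift + 0 }'
}

# Constructed sample: three lines copied from the advisory listing plus one
# constructed line (tcp_keepstart changed to 5).
sample_listing() {
    cat <<'EOF'
ip_defaultttl = 255 default = 255 min = 0 max = 255 units = hops
ip_forwarding = 0 default = 1 min = 0 max = 1
tcp_send = 32768 default = 32768 min = 256 max = 262144 units = bytes
tcp_keepstart = 5 default = 7200 min = 5 max = 12000 units = seconds
EOF
}

# Audit the real binary when it exists, otherwise run on the sample.
if [ -x "$NETTUNE" ]; then
    if is_setuid "$NETTUNE"; then echo "WARNING: $NETTUNE is set-user-ID"; fi
    "$NETTUNE" -l | nettune_drift || echo "non-default parameters found"
else
    sample_listing | nettune_drift || echo "non-default parameters found (sample data)"
fi
```

    On the sample it reports ip_forwarding, which already differs from its
    default in the listing above, and the constructed tcp_keepstart line.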