COMMAND

    sam (outdata)

SYSTEMS AFFECTED

    HpUX 10.x

PROBLEM

    David Hyams  noticed following  which can  be used  as potent DoD.
    You  can  find  in  the  /var/tmp directory file called "outdata".
    This file is written to  by sam when the user  selects "Networking
    and Communication"  followed by  "Internet Addresses"  or "Network
    Information Service" (and probably others too).

    So,  if  I   make  a  symbolic   link  from  /var/tmp/outdata   to
    /.rhosts (say), and wait for the sys-admin to run sam to configure
    networking, you can  get a   /.rhosts file. Admittedly  this isn't
    too  interesting  as  the  file  doesn't  have the famous "+ +" in
    it.  However, if   your sysadmin  happens to   have umask  set  to
    0  then  you've  now  got  a  world writable /.rhosts file.  (This
    isn't as  unusual as  it sounds,  try an  rlogin to  a remote host
    running HP-UX and check your umask. Chances are it's 00).

    For DoS seekers link to any  file you want won't work as  sam only
    appends to  the file,  it doesn't  truncate it.   However, link to
    /etc/nologin will be fine.

SOLUTION

    Nothing from HP yet.   If you feel you  should do something  about
    it, remove execute permissions.