COMMAND

    rwrite/rlpdaemon

SYSTEMS AFFECTED

    HP-UX 9.X, 10.X

PROBLEM

    The following is based on RSI Alert Advisory #3. This was found by
    Bwana Brian. If a user has an hpterm session logged in to an HP-UX
    system that is running rlpdaemon, it is possible for an attacker
    to remotely compromise the active account.

    By sending carefully selected packets to the rlpdaemon, an
    attacker can force a user's terminal to display a message that
    contains escape sequences with embedded commands that reprogram
    the soft-keys of the hpterm, allowing for arbitrary playback and
    key remapping. The user does not need to have 'mesg y' on for
    this to happen. This problem is present in any HP-UX system
    running the current version of rlpdaemon.

SOLUTION

    No  patches  are  currently  available.   Disable  rlpdaemon until
    Hewlett-Packard can provide a patch.
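
    One way to carry out the "disable rlpdaemon" step, as an added
    example that is not part of the original advisory. It assumes
    rlpdaemon is started from inetd and that the file uses the standard
    inetd.conf field layout; the sample entries and paths are constructed.

```shell
#!/bin/sh
# Added example: audit an inetd.conf for active rlpdaemon entries and emit a
# copy with them commented out. Assumed field layout (standard inetd.conf):
# service, socket type, protocol, wait flag, user, server path, arguments.

# Print active (uncommented) lines whose server program is rlpdaemon.
rlp_active_entries() {
    awk '$1 !~ /^#/ && $6 ~ /(^|\/)rlpdaemon$/ { print }' "$1"
}

# Write the config to stdout with active rlpdaemon entries commented out.
# Every other line, including existing comments, passes through unchanged.
rlp_disable() {
    awk '$1 !~ /^#/ && $6 ~ /(^|\/)rlpdaemon$/ { print "#DISABLED# " $0; next }
         { print }' "$1"
}

# Constructed sample config (not taken from a real host).
make_sample() {
    cat > "$1" <<'EOF'
telnet   stream tcp nowait root /usr/lbin/telnetd   telnetd
printer  stream tcp nowait root /usr/sbin/rlpdaemon rlpdaemon -i
#printer stream tcp nowait root /usr/sbin/rlpdaemon rlpdaemon -i -l
EOF
}

sample=${TMPDIR:-/tmp}/inetd.conf.sample.$$
make_sample "$sample"
echo "Active rlpdaemon entries before:"
rlp_active_entries "$sample"
rlp_disable "$sample" > "$sample.new"
echo "Active rlpdaemon entries after: $(rlp_active_entries "$sample.new" | wc -l)"
rm -f "$sample" "$sample.new"
```

    On a real host, review the generated file before installing it over
    /etc/inetd.conf, then have inetd reread its configuration (inetd -c
    on HP-UX).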