COMMAND

    subnetconfig

Systems Affected

    HP 9000 Series 300, 400, 700, 800 running HP-UX 9.0/9.01. No prior
    versions or versions subsequent to the above (9.03, etc.), 10.X.

PROBLEM

    A vulnerability exists in certain versions of subnetconfig that
    allows existing users on a system to increase their privileges.
    The vulnerability is the result of subnetconfig being setuid root
    and running cat without a full path name.

SOLUTION

    Apply patch PHNE_3563 (series 300/400, HP-UX 9.0) or PHNE_3564
    (series 700/800, HP-UX 9.0/9.01 ONLY).

    For 10.X
    The subnetconfig batch file is for setting the subnet behavior of
    a system. Only root can actually change the behavior, but a
    normal user is able to view the current setting by running the
    program without arguments. A previous problem with subnetconfig
    was described in HP Security Advisory 9402-003, but the patch
    file only applies to HP-UX versions 9.0 and 9.01. The current
    problem is not fixed by that patch. A workaround for this problem
    is to change the permissions of /etc/subnetconfig to owner-only
    access, clear the suid bit and check that /etc/subnetconfig is
    owned by root. Normal users will no longer be able to view the
    current setting but the system manager will still be able to
    change the setting when logged in as root.
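
    One way to check and apply the workaround described above, as an
    added example that is not part of the original advisory. The helper
    names audit_suid_file and apply_workaround are hypothetical, and the
    optional expected-owner uid argument (default 0, root) is an
    assumption of this sketch.

```shell
#!/bin/sh
# Added example: audit and apply the workaround on a setuid script.
# Helper names are hypothetical; the advisory's target is /etc/subnetconfig.

# Print findings for FILE and return 0 only if the workaround is in place:
# no setuid/setgid bit, no group/other access, owned by the expected uid.
audit_suid_file() {
    file=$1
    want_uid=${2:-0}            # assumption: root is uid 0 unless overridden
    [ -f "$file" ] || { echo "missing: $file"; return 2; }

    # ls -ln is parsed instead of stat(1) so the check also runs on older Unix.
    set -- $(ls -lnd "$file")
    mode=$(printf '%s' "$1" | cut -c1-10)
    uid=$3
    rc=0

    case $(printf '%s' "$mode" | cut -c4) in
        s|S) echo "FAIL: setuid bit set ($mode)"; rc=1 ;;
    esac
    case $(printf '%s' "$mode" | cut -c7) in
        s|S) echo "FAIL: setgid bit set ($mode)"; rc=1 ;;
    esac
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "FAIL: group/other access present ($mode)"; rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owner uid is $uid, expected $want_uid"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $file ($mode, uid $uid)"
    return "$rc"
}

# Apply the permission part of the workaround: clear setuid/setgid and
# remove group/other access. Ownership is only checked, never changed.
apply_workaround() {
    chmod u-s,g-s,go-rwx "$1"
}
```

    As root, run apply_workaround /etc/subnetconfig and then
    audit_suid_file /etc/subnetconfig; a non-zero status means the
    workaround is not fully in place.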