[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Security Vulnerabilities in HP Remote Watch

Title: Security Vulnerabilities in HP Remote Watch
Released by: HP
Date: 24th October 1996
Printable version: Click here

Document Id: [HPSBUX9610-039]

Date Loaded: [10-24-96]

Description: Security Vulnerabilities in HP Remote Watch


- -------------------------------------------------------------------------

      HEWLETT-PACKARD SECURITY ADVISORY: #000039, 24 October 1996

- -------------------------------------------------------------------------

Hewlett-Packard recommends that the information in the following

Security Advisory should be acted upon as soon as possible. Hewlett-

Packard will not be liable for any consequences to any customer 

resulting from customer's failure to fully implement instructions in this

Security Advisory as soon as possible.

Permission is granted for copying and circulating this advisory to

Hewlett-Packard (HP) customers (or the Internet community) for the

purpose of alerting them to problems, if and only if, the advisory is

not edited or changed in any way, is attributed to HP, and provided such

reproduction and/or distribution is performed for non-commercial


Any other use of this information is prohibited. HP is not liable

for any misuse of this information by any third party.


PROBLEM:  Vulnerability in HP Remote Watch in 9.X releases of HP-UX

PLATFORM: HP 9000 series 300/400/700/800s

DAMAGE:   Vulnerabilities in HP Remote Watch exists allowing users to

          gain additional privileges.

SOLUTION: Do not use Remote Watch.


I. Remote Watch Update

   A. Problem description

   A recent mailing list disclosure described two vulnerabilities in

   which HP Remote Watch allows unauthorized root access. The first was

   via a socket connection on port 5556.  The second was as a result of

   using the showdisk utility, which is part of the Remote Watch product.

   It has been found that HP9000 Series 300, 400, 700, and 800 systems

   running only HP-UX Release 9.X have this vulnerability.

   B. Fixing the problem

   This vulnerability can only be eliminated from releases 9.X of HP-UX

   which are using Remote Watch by disabling the entire product.  The

   default location for this product is /usr/remwatch/   .

   Removal can be accomplished (as root) with the following:

   NOTE: Do not run the standard rmfn command as HP has discovered

   problems with its inability to handle programs with active executables.

   Instead, run (with no options):


   This runs a Remote Watch script called "unconfigure" to stop actively

   running programs, then proceeds to remove all files including the


   The administrator should also perform both of the following steps:

     1.  Remove or comment out the following entry in /etc/inetd.conf


    rwdaemon stream tcp nowait root /usr/remwatch/bin/rwdaemon rwdaemon

     2.  Have inetd re-read its configuration file by executing at the


    inetd -c

   This is the official recommendation from Hewlett-Packard Company.

   C. Current product status

   Remote Watch was last released from the labs in August of 1993.

   In December 1994 customers were informed of pending product

   obsolescence.   Hewlett-Packard recommends that all customers

   concerned with the security of their HP-UX systems with Remote

   Watch configured on it perform the actions described herein as

   soon as possible.  Again, no patches will be available for any

   versions of HP-UX.

   Since the functionality of HP Remote Watch software has now been

   replicated in other tools that handle system management more

   effectively there is no longer a sufficient need for HP Remote

   Watch.  Most of the functionality is now provided by the Systems

   Administration Manager (SAM) tool, available at no charge as part

   of the HP-UX operating system, or by the HP OpenView

   OperationsCenter application.

   If further assistance is desired please contact your HP Support


   D. HP SupportLine

   To subscribe to automatically receive future NEW HP Security

   Bulletins from the HP SupportLine mail service via electronic mail,

   send an email message to:

          support@us.external.hp.com   (no Subject is required)

   Multiple instructions are allowed in the TEXT PORTION OF THE MESSAGE,

   here are some basic instructions you may want to use:

   To add your name to the subscription list for new security bulletins,

   send the following in the TEXT PORTION OF THE MESSAGE:

          subscribe security_info

   To retrieve the index of all HP Security Bulletins issued to date,

   send the following in the TEXT PORTION OF THE MESSAGE:

          send security_info_list

   To get a patch matrix of current HP-UX and BLS security patches

   referenced by either Security Bulletin or Platform/OS, put the

   following in the text portion of your message:

          send hp-ux_patch_matrix

   World Wide Web service for browsing of bulletins is available via

   our URL:


          Choose "Support news", then under Support news,

          choose "Security Bulletins"

   E. To report new security vulnerabilities, send email to


   Please encrypt exploit information using the security-alert PGP

   key, available from your local key server, or by sending a

   message with a -subject- (not body) of 'get key' (no quotes) to



(C) 1999-2000 All rights reserved.