From: Boren, Rich (SSRT) (Rich.BorenCOMPAQ.com)
Date: Tue Oct 30 2001 - 15:21:52 CST

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

        NO RESTRICTION FOR DISTRIBUTION
     PROVIDED THE ADVISORY REMAINS INTACT

     TITLE: (SSRT0738) OpenVMS Security Mandatory Update, OVMSMUP03

     SOURCE: Compaq Computer Corporation
             Software Security Response Team

    COMPONENT IMPACT: DECwindows Motif Server

     X-REF: None

     October 30, 2001

     "Compaq is broadly distributing this Security Advisory to
     notify all users of Compaq products of the important security
     information contained in this Advisory. Compaq recommends that
     all users determine the applicability of this information to
     their individual situations and take appropriate action. Compaq
     does not warrant that this information is necessarily accurate or
     complete for all user situations and, consequently, Compaq
     will not be responsible for any damages resulting from user's use
     or disregard of the information provided in this Advisory."

     IMPACT:

     This fix was implemented in response to a recent report of a
     problem where systems running OpenVMS Alpha, OpenVMS VAX,
     SEVMS VAX or SEVMS Alpha with the DECwindows Motif Server
     installed have a potential security vulnerability.
     This vulnerability could be exploited to allow existing users
     unauthorized access to data and system resources.

     o OpenVMS Alpha Version 6.2 and all associated hardware
       releases (for example, Version 6.2-1H1)

     o OpenVMS Alpha Version 7.1-2

     o OpenVMS Alpha Version 7.2-1H1

     o OpenVMS Alpha Version 7.2-2

     o OpenVMS Alpha Version 7.3

     o OpenVMS VAX Version 6.2

     o OpenVMS VAX Version 7.1

     o OpenVMS VAX Version 7.2

     o OpenVMS VAX Version 7.3

     o SEVMS Alpha Version 6.2

     o SEVMS VAX Version 6.2

     NOTE

    OpenVMS VAX Version 5.5-2 is not subject to this potential
    security vulnerability.

     RESOLUTION:

     This potential security problem has been resolved and
     patches for this problem have been made available for the
     affected versions listed above.

     NOTE: This is a mandatory update for the affected OpenVMS
     VAX and Alpha environments with the DECwindows Motif Server
     installed.

     Installation of the DECwindows Motif Server is optional
     during the installation of the OpenVMS Operating System. You can
     verify whether or not the DECwindows Motif Server has been
     installed on your system using the following command:

    $ DIRECTORY SYS$LIBRARY:DECW$*.EXE

     If no DECW$*.EXE files are present on your system, the
     DECwindows Motif Server is not installed on your system and
     you do not need to apply this mandatory update.

    ********** IMPORTANT **********

    If the DECwindows Motif Server is not installed on your
    system you do NOT need to apply this mandatory update.

     A CD-ROM containing the patches has been automatically
     shipped to VAX and Alpha customers with update services.

     In addition, the patches are available from the World Wide
     Web at the following address:

    <http://www.support.compaq.com/patches>

     PATCH FILE NAMES:

     o ALPHA

     DEC-AXPVMS-VMS73_DW_MOT_MUP-V0100-4.PCSI
     DEC-AXPVMS-VMS722_DW_MOT_MUP-V0100-4.PCSI
     DEC-AXPVMS-VMS721H1_DW_MOT_MUP-V0100-4.PCSI
     DEC-AXPVMS-VMS721_DW_MOT_MUP-V0100-4.PCSI
     DEC-AXPVMS-VMS712_DW_MOT_MUP-V0100-4.PCSI
     ALPDWMOTMUP01_062

     o VAX

     VAXDWMOTMUP01_073
     VAXDWMOTMUP01_072
     VAXDWMOTMUP01_071
     VAXDWMOTMUP01_062

     o SEVMS

     SE_VAXDWMOTMUP01_062
     SE_ALPDWMOTMUP01_062

     For WEB Site kits: Use the FTP access option, select VMS
     then either the VAX or AXP directory, then choose the appropriate
     version directory and download the patch as identified in
     the applicable .HTML file accordingly.

     Note: Please review the README file(s) for each patch prior
     to installation.

     Non-service customers who can not access the WEB Site kits,
     should contact their local Compaq Sales Office to order a
     CD-ROM containing the patches. The part number for the CD-ROM
     is QA-MT3AA-T8. There will be a charge for shipping and
     handling.

     After completing the update, Compaq strongly recommends that
     you perform an immediate backup of your system disk so that
     any subsequent restore operations begin with updated
     software. Otherwise, you must reapply the update after a future
     restore operation. Also, if at some future time you upgrade your
     system to one of the versions of OpenVMS or SEVMS listed, you must
     reapply the update.

     Additional Considerations:

     If you need further information, please contact your normal
     Compaq Service support channel.

     Compaq appreciates your cooperation and patience. We regret
     any inconvenience applying this information may cause. As
     always, Compaq urges you to periodically review your system
     management and security procedures. Compaq will continue to
     review and enhance the security features of its products and
     work with customers to maintain and improve the security
     and integrity of their systems.

     Copyright 2001 Compaq Computer Corporation. All rights reserved.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0.1

    iQA/AwUBO98aCznTu2ckvbFuEQJHCwCeMqyf/8TLcahaQCTLeA5jUm84eqIAoNdE
    Q8QC3RrVcEwKJvES5DTir7sv
    =xzXa
    -----END PGP SIGNATURE-----
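
The applicability check described in the advisory, written out as a DCL command procedure. This is an added example, not part of the Compaq advisory: the pairing of kit names to versions is inferred from the kit names listed above, and the procedure assumes F$GETSYI("ARCH_NAME") is available on the system being checked.

```dcl
$! Added example, not part of the Compaq advisory.
$! Kit-to-version pairing below is an assumption inferred from the kit names.
$ say = "WRITE SYS$OUTPUT"
$! Same test as the advisory's DIRECTORY command: any DECW$*.EXE image?
$ IF F$SEARCH("SYS$LIBRARY:DECW$*.EXE") .EQS. ""
$ THEN
$   say "No DECW$*.EXE images in SYS$LIBRARY: update not required"
$   EXIT
$ ENDIF
$ arch = F$EDIT(F$GETSYI("ARCH_NAME"),"UPCASE,TRIM")
$ vers = F$EDIT(F$GETSYI("VERSION"),"TRIM")
$ kit = ""
$ IF arch .EQS. "ALPHA"
$ THEN
$   IF vers .EQS. "V7.3" THEN kit = "DEC-AXPVMS-VMS73_DW_MOT_MUP-V0100-4.PCSI"
$   IF vers .EQS. "V7.2-2" THEN kit = "DEC-AXPVMS-VMS722_DW_MOT_MUP-V0100-4.PCSI"
$   IF vers .EQS. "V7.2-1H1" THEN kit = "DEC-AXPVMS-VMS721H1_DW_MOT_MUP-V0100-4.PCSI"
$   IF vers .EQS. "V7.2-1" THEN kit = "DEC-AXPVMS-VMS721_DW_MOT_MUP-V0100-4.PCSI"
$   IF vers .EQS. "V7.1-2" THEN kit = "DEC-AXPVMS-VMS712_DW_MOT_MUP-V0100-4.PCSI"
$!  Version 6.2 and its hardware releases (for example V6.2-1H1)
$   IF F$EXTRACT(0,4,vers) .EQS. "V6.2" THEN kit = "ALPDWMOTMUP01_062"
$ ELSE
$   IF vers .EQS. "V7.3" THEN kit = "VAXDWMOTMUP01_073"
$   IF vers .EQS. "V7.2" THEN kit = "VAXDWMOTMUP01_072"
$   IF vers .EQS. "V7.1" THEN kit = "VAXDWMOTMUP01_071"
$   IF vers .EQS. "V6.2" THEN kit = "VAXDWMOTMUP01_062"
$ ENDIF
$ say "DECwindows Motif Server images present on ''arch' ''vers'"
$ IF kit .EQS. ""
$ THEN
$   say "No kit matched; compare this version with the advisory list"
$ ELSE
$   say "Candidate kit: ''kit' (SEVMS sites use the SE_ kits instead)"
$ ENDIF
$ EXIT
```

The procedure only reports; confirm the kit against its README before installing, and rerun the check after any restore or upgrade, since the advisory requires reapplying the update in both cases.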
