Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Security Bulletin SSRT3608 OpenVMS Potential security vulnerability with DCE/COM
From: Webb, Nigel (SSRT) (nigelwebbhp.com)
Date: Tue Sep 16 2003 - 11:10:49 CDT
-----BEGIN PGP SIGNED MESSAGE-----
SSRT3608 - OpenVMS Potential security vulnerability
NOTICE: There are no restrictions for distribution of this Bulletin
provided that it remains complete and intact.
RELEASE DATE: 12 September 2003
SOURCE: HEWLETT-PACKARD COMPANY
Software Security Response Team
REFERENCE: CERT VU#377804, Microsoft MS03-026
A potential security vulnerability has been identified with
HP OpenVMS running the Distributed Computing Environment
(DCE) or Component Object Model (COM) where a remote user
may cause a buffer overflow, resulting in the DCE or COM applications
to become unresponsive. This vulnerability may also be exploited in
the DCE/RPC environment in association with the Blaster worm network
All currently supported versions of HP OpenVMS including
V6.2, V6.2-1H1, V6.2-1H2, V6.2-1H3, V7.1, V7.2, V7.2-1H1, V7.2-1H2,
V7.2-2, V7.3, V7.3-1 VAX or Alpha running Distributed Computing
Environment (DCE) or Component Object Model (COM) applications.
For HP OpenVMS systems running DCE or COM applications,
apply the following patches:
HP OpenVMS Alpha Versions V6.2, V6.2-1H1, V6.2-1H2,
V6.2-1H3, V7.1, V7.2, V7.2-1H1, V7.2-1H2, V7.2-2, V7.3,
V7.3-1 running DCE (RPC)
HP OpenVMS VAX Versions V6.2, V7.1, V7.2, V7.3 running
HP OpenVMS Alpha Versions V7.2-2, V7.3, V7.3-1 running
The above patches can be obtained from HP's IT Resource
Center (ITRC): http://www.itrc.hp.com
- From the ITRC home page use the link to: 'maintenance and support for
HP products' and from there use the link to: 'individual patches'.
SUPPORT: For further information, contact HP Services.
SUBSCRIBE: To subscribe to automatically receive future Security
Advisories from the Software Security Response Team via electronic
REPORT: To report a potential security vulnerability with
any HP supported product, send email to:
As always, HP urges you to periodically review your system management
and security procedures. HP will continue to review and enhance the
security features of its products and work with our customers to
maintain and improve the security and integrity of their systems.
"HP is broadly distributing this Security Bulletin in order
to bring to the attention of users of the affected HP
products the important security information contained in
this Bulletin. HP recommends that all users determine the
applicability of this information to their individual situations and
take appropriate action. HP does not warrant that this information is
necessarily accurate or complete for all user situations and,
consequently, HP will not be responsible for any damages resulting
from user's use or disregard of the information provided in this
(C) Copyright 2001, 2003 Hewlett-Packard Development
Hewlett-Packard Company shall not be liable for technical
or editorial errors or omissions contained herein.
The information in this document is subject to change
without notice. Hewlett-Packard Company and the names of
Hewlett-Packard products referenced herein are trademarks of
Hewlett-Packard Company in the United States and other countries.
Other product and company names mentioned herein may be trademarks of
their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
-----END PGP SIGNATURE-----