OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
[sec-adv] HP Tru64 and Internet Express update for Sendmail

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Mon Oct 06 2003 - 07:22:13 CDT

TITLE:
HP Tru64 and Internet Express update for Sendmail

SECUNIA ADVISORY ID:
SA9947

VERIFY ADVISORY:
http://www.secunia.com/advisories/9947/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:

HP Tru64 UNIX 5.x
HP Tru64 UNIX 4.x

SOFTWARE:
HP Internet Express 5.x
HP Internet Express 6.x

DESCRIPTION:
HP has acknowledged that Tru64 Unix and Internet Express are affected
by a vulnerability in sendmail. This can be exploited by malicious
people to compromise a vulnerable system.

For more information:
SA9758

The vulnerability affects the following versions of HP Tru64 Unix:

* HP Tru64 UNIX 5.1B All Base levels
* HP Tru64 UNIX 5.1A All Base levels
* HP Tru64 UNIX 5.1 All Base levels
* HP Tru64 UNIX 4.0G All Base levels
* HP Tru64 UNIX 4.0F All Base levels

The vulnerability also affects HP Tru64 UNIX Internet Express 5.43
through 6.12 running Sendmail versions 8.9.3 through 8.12.9.

SOLUTION:
Apply ERP kit.

HP Tru64 UNIX 5.1B with PK2 (BL22):
http://www5.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT0020135-V51BB22-ES-20031001

HP Tru64 UNIX 5.1B with patch kit prior to PK2 (BL22):
Update to version 5.1B PK2 (BL22) and apply the above patch kit.

HP Tru64 UNIX 5.1A with PK5 (BL23):
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT0020137-V51AB23-ES-20031001

HP Tru64 UNIX 5.1A with PK4 (BL21):
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT0020138-V51AB21-ES-20031001

HP Tru64 UNIX 5.1A with PK6 (BL20):
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT0020139-V51B20-ES-20031001

HP Tru64 UNIX 4.0F with PK4 (BL22):
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT0020136-V40FB22-ES-20031001

HP Tru64 UNIX 4.0F with PK7 (BL18):
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT0020134-V40FB18-ES-20031001

HP Tru64 UNIX 4.0G with PK4 (BL22):
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT0020132-V40GB22-ES-20031001

HP Tru64 UNIX 4.0G with PK3 (BL17):
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT0020133-V40GB17-ES-20031001

HP Tru64 UNIX Internet Express (IX) Sendmail v6.12:
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64V51AB-IX-612-Sendmail-SSRT3631

HP Tru64 UNIX Internet Express (IX) Sendmail v6.03:
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64V51AB-IX-603-Sendmail-SSRT3631

HP Tru64 UNIX Internet Express (IX) Sendmail v5.94:
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64V51AB-IX-594-Sendmail-SSRT3631

HP Tru64 UNIX Internet Express (IX) Sendmail v5.86:
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64V51AB-IX-586-Sendmail-SSRT3631

HP Tru64 UNIX Internet Express (IX) Sendmail v5.74:
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64V51AB-IX-574-Sendmail-SSRT3631

HP Tru64 UNIX Internet Express (IX) Sendmail v5.63:
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64V51AB-IX-563-Sendmail-SSRT3631

HP Tru64 UNIX Internet Express (IX) Sendmail v5.53:
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64V51AB-IX-553-Sendmail-SSRT3631

HP Tru64 UNIX Internet Express (IX) Sendmail v5.43:
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64V51AB-IX-543-Sendmail-SSRT3631

OTHER REFERENCES:
SA9758:
http://www.secunia.com/advisories/9758/

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------