Security Bulletin SRB0081W
From: Webb, Nigel (SSRT) (NigelWebb hp.com)
Date: Wed Jun 04 2003 - 11:40:15 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
/-----------------------------------------------------------------\
| Title : SRB0081W_0 |
| |
\-----------------------------------------------------------------/
SECURITY BULLETIN
SRB0081W REVISION: 0
SSRT2373 SSRT2374 SSRT2405 SSRT2415 SSRT2416 - HP
Tru64 UNIX, HP-UX, Potential CDE Security
Vulnerabilities
-------------------------------------------------------------------
NOTICE: There are no restrictions for
distribution of this Bulletin provided that it
remains complete and intact.
RELEASE DATE: June 2003
SEVERITY: 1
SOURCE: HEWLETT-PACKARD COMPANY
Software Security Response Team
REFERENCE: SSRT2373, SSRT2374 (VU#860296, CAN 2001-0551),
SSRT2405 (VU#860296), SSRT2415 (VU#584243,
SSRT2282), SSRT2416 (CA 1998-02), HPSBUX0305-263
PROBLEM SUMMARY
This bulletin will be posted to the support
website within 24 hours of release to -
http://thenew.hp.com/country/us/eng/support.html
Use the SEARCH IN feature box, enter SSRT2373 in
the search window.
SSRT2373 libDtHelp, SSRT2374 libDtSvc, SSRT2405
dtprintinfo, SSRT2415 dtsession, SSRT2416
dtappgather (Severity - High)
The potential security vulnerabilities listed above
have been identified in the HP-UX and HP Tru64 UNIX
operating systems that may result in unauthorized
privileged access. These potential vulnerabilities
may be in the form of local and remote security
domain risks.
VERSIONS IMPACTED
SSRT2373 libDtHelp, SSRT2374 libDtSvc, SSRT2405
dtprintinfo, SSRT2415 dtsession
HP-UX release 11.11 (11i)
HP-UX release 11.04 (VVOS)
HP-UX release 11.00
* HP-UX is not impacted by SSRT2416 (dtappgather)
SSRT2373 libDtHelp, SSRT2374 libDtSvc, SSRT2405
dtprintinfo, SSRT2415 dtsession, SSRT2416
dtappgather
HP Tru64 UNIX V5.1B
HP Tru64 UNIX V5.1A
HP Tru64 UNIX V5.1
NOT IMPACTED
HP-MPE/ix
HP NonStop Servers
HP OpenVMS
RESOLUTION
HP-UX
SSRT2373, SSRT2374, SSRT2405
HP has provided notice of the availability of any
necessary solutions through the standard Security
Bulletin HPSBUX0305-263 announcement, which is
available from your normal HP Services support
channel and will be available from
http://itrc.hp.com/ (search for HPSBUX0305-263).
HP Tru64 UNIX
SSRT2373, SSRT2374, SSRT2405, SSRT2415, SSRT2416
Early Release Patches (ERPs) are now available for
all supported versions of HP Tru64 UNIX. The ERP
kits use dupatch to install and will not install
over any Customer Specific Patches (CSPs) which
have file intersections with the ERPs. Contact
your normal support channel and request HP Tru64
services elevate a case to Support Engineering if
a CSP must be merged with one of the ERPs.
Please review the README file for each patch prior
to installation.
HP Tru64 UNIX/TruCluster Server V5.1B
Prerequisite: V5.1B with PK1 (BL1) installed
ERP Kit Name:
T64V51BB1-C0009800-18447-ES-20030430.tar
Kit Location:
ftp://ftp1.support.compaq.com/public/unix/v5.1b/
HP Tru64 UNIX/TruCluster Server V5.1A
Prerequisite: V5.1A with PK4 (BL21) installed
ERP Kit Name:
T64V51AB21-C0114000-18502-ES-200330505.tar
Kit Location:
ftp://ftp1.support.compaq.com/public/unix/v5.1a/
HP Tru64 UNIX/TruCluster Server 5.1
Prerequisite: Tru64 UNIX/TruCluster Server with
PK6 (BL20) installed
ERP Kit Name:
T64V51B20-C0177500-18521-ES-200330506.tar
Kit Location:
ftp://ftp1.support.compaq.com/public/unix/v5.1/
The fixes contained in the ERP kits will be
available in the following mainstream patch kits:
- HP Tru64 UNIX 5.1B PK2
- HP Tru64 UNIX 5.1A PK5
Patch Kits for the Sierra Cluster (SC) can be
obtained by contacting SC support through regular
channels.
Information on how to verify MD5 and SHA1 checksums
is available at:
http://www.support.compaq.com/patches/whats-new.s
After completing the update, HP and Compaq strongly
recommend that you perform an immediate backup of
the system disk so that any subsequent restore
operations begin with updated software. Otherwise,
the updates must be re-applied after a future
restore operation. Also, if at some future time the
system is upgraded to a later patch release or
version release, reinstall the appropriate ERP.
SUPPORT: For further information, contact HP Services.
SUBSCRIBE: To subscribe to automatically receive future
Security Advisories from the Software Security Response
Team via electronic mail:
http://www.support.compaq.com/patches/mailing-list.shtml
REPORT: To report a potential security vulnerability with
any HP supported product, send email to:
security-alert hp.com
As always, HP urges you to periodically review your
system management and security procedures. HP will
continue to review and enhance the security features of
its products and work with our customers to maintain and
improve the security and integrity of their systems.
"HP is broadly distributing this Security Bulletin in
order to bring to the attention of users of the affected
HP products the important security information contained
in this Bulletin. HP recommends that all users determine
the applicability of this information to their individual
situations and take appropriate action. HP does not
warrant that this information is necessarily accurate or
complete for all user situations and, consequently, HP
will not be responsible for any damages resulting from
user's use or disregard of the information provided in
this Bulletin."
©Copyright 2001, 2003 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or
editorial errors or omissions contained herein. The information
in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard
products referenced herein are trademarks of Hewlett-Packard
Company in the United States and other countries. Other product
and company names mentioned herein may be trademarks of their
respective owners.
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3
iQA/AwUBPt3tFeAfOvwtKn1ZEQL7ggCcCyhlfWZA49cQkiO9VETg3SLUJ/sAn0xE
N+6wQ2qmh9CBIRaQJMdiU1/P
=uti5
-----END PGP SIGNATURE-----
Software Security Response Team
HP Services
Nigel Webb
To report any security issue for any HP software
product, send email to security-alert hp.com
The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any review, retransmission, dissemination or
other use of, or taking of any action in reliance upon, this
information by persons or entities other than the intended recipient
is prohibited. If you received this in error, please contact the
sender and delete the material from any computer.