Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Security Alert
February 24, 2005, 5:40 pm
rate this thread
HP SECURITY BULLETIN
HPSBUX01002 REVISION: 1
SSRT4688 rev.1 HP-UX rpc.ypupdated remote unauthorized access
There are no restrictions for distribution of this Security
Bulletin provided that it remains complete and intact.
The information in this Security Bulletin should be acted upon
as soon as possible.
22 February 2005
POTENTIAL SECURITY IMPACT:
Remote unauthorized access.
HP Software Security Response Team
A potential security vulnerability has been found in HP-UX running
rpc.ypupdated. The vulnerability could be exploited to allow
remote unauthorized access.
CERT Advisory CA-1995-17
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.00, B.11.11, B.11.22, B.11.23.
This issue has been reported in CERT Advisory CA-1995-17.
Note: To determine if a system has an affected version,
search the output of "swlist -a revision -l fileset"
for an affected fileset. Then determine if the
recommended patch or update is installed.
For Integrity (IA) servers
action: install PHNE_30095 or subsequent
->For HP 9000 (PA) servers
->action: install PHKL_31500 or subsequent
action: install PHNE_30084 or subsequent
action: install PHNE_29783 or subsequent
action: install PHNE_29785 or subsequent
END AFFECTED VERSIONS
HP has made the following patches available from
http://itrc.hp.com to resolve the issue:
HP-UX B.11.23 (IA) - PHNE_30095 or subsequent
->HP-UX B.11.23 (PA) - PHKL_31500 or subsequent
HP-UX B.11.22 - PHNE_30084 or subsequent
HP-UX B.11.11 - PHNE_29783 or subsequent
HP-UX B.11.00 - PHNE_29785 or subsequent
MANUAL ACTIONS: No
BULLETIN REVISION HISTORY:
Revision 0: 23 March 2004
Revision 1: 22 February 2004
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
-----END PGP SIGNATURE-----
HP S/W Security Team
WTEC Cupertino, California
- » SSRT2384 rev.2 HP-UX RPC remote Denial of Service (DoS)
- — Next thread in » General Computer Security
- » SSRT3631 rev.9 HP-UX sendmail remote privileged access
- — Previous thread in » General Computer Security