SSRT4688 rev.1 HP-UX rpc.ypupdated remote unauthorized access

From: Security Alert (secure_at_hpchs.cup.hp.com)
Date: 02/24/05


Date: Thu, 24 Feb 2005 12:40:34 GMT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HP SECURITY BULLETIN

HPSBUX01002 REVISION: 1

SSRT4688 rev.1 HP-UX rpc.ypupdated remote unauthorized access

NOTICE:
There are no restrictions for distribution of this Security
Bulletin provided that it remains complete and intact.

The information in this Security Bulletin should be acted upon
as soon as possible.

INITIAL RELEASE:
22 February 2005

POTENTIAL SECURITY IMPACT:
Remote unauthorized access.

SOURCE:
Hewlett-Packard Company
HP Software Security Response Team

VULNERABILITY SUMMARY:
A potential security vulnerability has been found in HP-UX running
rpc.ypupdated. The vulnerability could be exploited to allow
remote unauthorized access.

REFERENCES:
CERT Advisory CA-1995-17

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.00, B.11.11, B.11.22, B.11.23.

BACKGROUND:
     This issue has been reported in CERT Advisory CA-1995-17.

       <http://www.cert.org/advisories/CA-1995-17.html>

     AFFECTED VERSIONS

     Note: To determine if a system has an affected version,
           search the output of "swlist -a revision -l fileset"
           for an affected fileset. Then determine if the
           recommended patch or update is installed.

     HP-UX B.11.23
     For Integrity (IA) servers
     =============
     NFS.NIS2-SERVER
     action: install PHNE_30095 or subsequent

     HP-UX B.11.23
 ->For HP 9000 (PA) servers
     =============
     NFS.NIS2-SERVER
 ->action: install PHKL_31500 or subsequent

     HP-UX B.11.22
     =============
     NFS.NIS2-SERVER
     action: install PHNE_30084 or subsequent

     HP-UX B.11.11
     =============
     NFS.NIS-SERVER
     action: install PHNE_29783 or subsequent

     HP-UX B.11.00
     =============
     NFS.NIS-SERVER
     action: install PHNE_29785 or subsequent

     END AFFECTED VERSIONS

RESOLUTION:
HP has made the following patches available from
http://itrc.hp.com to resolve the issue:

  HP-UX B.11.23 (IA) - PHNE_30095 or subsequent
 ->HP-UX B.11.23 (PA) - PHKL_31500 or subsequent
  HP-UX B.11.22 - PHNE_30084 or subsequent
  HP-UX B.11.11 - PHNE_29783 or subsequent
  HP-UX B.11.00 - PHNE_29785 or subsequent

MANUAL ACTIONS: No

BULLETIN REVISION HISTORY:
Revision 0: 23 March 2004
  Initial release.

Revision 1: 22 February 2004
  Added PHKL_31500.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQhx5iOAfOvwtKn1ZEQI3JQCdEb5WcRbHkly24f83uldCVd0u9moAoLkq
p7YPGBAo6Qfo2+M8jl6adTcp
=v+Lx
-----END PGP SIGNATURE-----

--
Yours truly,
HP S/W Security Team
WTEC Cupertino, California
Return-Path: secure@cup.hp.com
Reply-to: security-alert@hp.com
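
Added example (not part of HP's bulletin): the check described in the AFFECTED VERSIONS note, as a POSIX shell function that reads "swlist -a revision -l fileset" output and looks up the fileset and patch the bulletin lists for the release. The function name, the ia/pa argument, the status strings and the sample swlist lines are constructed for illustration, and the swlist output layout is an assumption.

```shell
#!/bin/sh
# Added example, not HP's code. Assumed swlist layout: one
# "<product>.<fileset> <revision>" entry per line, "#" header lines,
# and installed patches listed as "<PATCH_ID>.<fileset>".

# usage: swlist -a revision -l fileset | check_hpsbux01002 "$(uname -r)" ia|pa
# (the ia/pa argument is a hypothetical label for Integrity vs HP 9000)
check_hpsbux01002() {
    release=$1 arch=$2
    # Fileset and patch per release, taken from the bulletin's table.
    case "$release:$arch" in
        B.11.23:ia) fileset=NFS.NIS2-SERVER patch=PHNE_30095 ;;
        B.11.23:pa) fileset=NFS.NIS2-SERVER patch=PHKL_31500 ;;
        B.11.22:*)  fileset=NFS.NIS2-SERVER patch=PHNE_30084 ;;
        B.11.11:*)  fileset=NFS.NIS-SERVER  patch=PHNE_29783 ;;
        B.11.00:*)  fileset=NFS.NIS-SERVER  patch=PHNE_29785 ;;
        *) echo "release-not-listed"; return 0 ;;
    esac
    awk -v fs="$fileset" -v patch="$patch" '
        /^[ \t]*#/ || NF == 0     { next }           # headers, blank lines
        $1 == fs                  { have_fs = 1 }    # affected fileset present
        index($1, patch ".") == 1 { have_patch = 1 } # named patch installed
        END {
            if (!have_fs)        print "fileset-absent"
            else if (have_patch) print "patched"
            # "or subsequent": a superseding patch carries a different ID,
            # so a missing named patch still needs a supersession check.
            else                 print "patch-missing-or-superseded"
        }'
}

# Constructed sample input, not captured from a real host.
sample_unpatched='# Initializing...
# NFS                       B.11.11
  NFS.NFS-CLIENT            B.11.11
  NFS.NIS-SERVER            B.11.11'
sample_patched="$sample_unpatched
  PHNE_29783.NIS-SERVER     1.0"

printf '%s\n' "$sample_unpatched" | check_hpsbux01002 B.11.11 pa
printf '%s\n' "$sample_patched"   | check_hpsbux01002 B.11.11 pa
```

A "patch-missing-or-superseded" result means the named patch ID was not found; whether a later patch that supersedes it is installed has to be confirmed separately.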

