[Security bulletin] SSRT2266 HP Tru64 UNIX IGMP Potential (DoS) Security Vulnerability (fwd)

From: Dave Ahmad (daat_private)
Date: Tue Nov 26 2002 - 12:16:23 PST


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    SECURITY BULLETIN: SSRT2266 HP Tru64 UNIX IGMP Potential
                       (DoS) Security Vulnerability
    
    REVISION: 0
    
    NOTICE: There are no restrictions for distribution of this Bulletin
                     provided that it remains complete and intact.
    
    RELEASE DATE: 13 November 2002
    
    
    SEVERITY:  High
    
    SOURCE:  Compaq Computer Corporation,
             a wholly-owned subsidiary of
             Hewlett-Packard Company and
             Hewlett-Packard Company
             HP Services
             Software Security Response Team
    
    REFERENCE:  SSRT2266
    
    PROBLEM SUMMARY:
    
             This bulletin will be posted to the support
             website within 24 hours of release to -
             http://thenew.hp.com/country/us/eng/support.html
             Use the SEARCH IN feature box, enter SSRT2266 in
             the search window.
    
       SSRT2266  IGMP  (Severity - High)
    
       ( IGMP = Internet Group Management Protocol )
    
    
       A potential security vulnerability has been identified
       in the HP Tru64 UNIX operating system that may result in
       Denial of Service (DoS). This potential vulnerability
       may be in the form of local and remote security domain
       risks.
    
    
    VERSIONS IMPACTED:
    
       HP Tru64 UNIX V5.1A
    
       HP Tru64 UNIX V5.1
    
       HP Tru64 UNIX V5.0A
    
       HP Tru64 UNIX V4.0G
    
       HP Tru64 UNIX V4.0F
    
       HP-UX
    
    
    NOT IMPACTED:
    
       HP-MPE/ix
    
       HP NonStop Servers
    
       HP OpenVMS
    
    
    
    RESOLUTION:
    
       HP-UX
       REF: SSRT2266 IGMP
    
       HP will provide notice of the availability of any
       necessary solutions through standard security
       bulletin announcements and will be available from
       your normal HP Services support channel
       and will be available from http://itrc.hp.com
    
    
    
       HP Tru64 UNIX
    
       Early Release Patches (ERPs) are now available for all
       supported versions of HP Tru64 UNIX. The ERP kits use
       dupatch to install and will not install over any
       Customer Specific Patches (CSPs) which have file
       intersections with the ERPs. Contact your normal support
       channel and request HP Tru64 services elevate a case to
       Support Engineering if a CSP must be merged with one of
       the ERPs.
    
       Please review the README file for each patch prior to
       installation.
    
    
       HP Tru64 UNIX/TruCluster V5.1A:
       Prerequisite: V5.1A with PK3 (BL3) installed
       ERP Kit Name:  T64V51AB3-C0076000-15793-ES-20021025.tar
       Kit Location: ftp://ftp1.support.compaq.com/public/unix/v5.1a/
    
       HP Tru64 UNIX/TruCluster V5.1:
       Prerequisite: V5.1 with PK5 (BL19) installed
       ERP Kit Name: T64V51B19-C0153600-15796-ES-20021025.tar
       Kit Location: ftp://ftp1.support.compaq.com/public/unix/v5.1/
    
       HP Tru64 UNIX/TruCluster V5.0A:
       Prerequisite: V5.0A with PK3 (BL17) installed
       ERP Kit Name: T64V50AB17-C0026000-15803-ES-20021025.tar
       Kit Location: ftp://ftp1.support.compaq.com/public/unix/v5.0a/
    
       HP Tru64 UNIX/TruCluster V4.0G:
       Prerequisite: V4.0G with PK3 (BL17) installed
       ERP Kit Name: T64V40GB17-C0021700-15804-ES-20021025.tar
       Kit Location: ftp://ftp1.support.compaq.com/public/unix/v4.0g/
    
       HP Tru64 UNIX/TruCluster V4.0F:
       Prerequisite: V4.0F with PK7 (BL18) installed
       ERP Kit Name: DUV40FB18-C0084500-15850-ES-20021030.tar
       Kit Location: ftp://ftp1.support.compaq.com/public/unix/v4.0f/
    
    
       Information on how to verify MD5 and SHA1 checksums is
       available at: http://www.support.compaq.com/patches/whats-new.shtml
    
    
       After completing the update, HP strongly
       recommends that you perform an immediate backup of
       the system disk so that any subsequent restore operations
       begin with updated software. Otherwise, the updates must
       be re-applied after a future restore operation. Also, if
       at some future time the system is upgraded to a later
       patch release or version release, reinstall the
       appropriate ERP.
    
    
    SUPPORT:
    
    For further information, contact HP Services.
    
    SUBSCRIBE:
    
    To subscribe to automatically receive future Security Advisories
    from the Software Security Response Team via Electronic
    mail: http://www.support.compaq.com/patches/mailing-list.shtml
    
    
    REPORT:
    
      To report a potential security vulnerability with any HP
      supported product, send email to: security-alertat_private
    
      As always, HP urges you to periodically review your system
      management and security procedures. HP will continue to
      review and enhance the security features of its products and
      work with our customers to maintain and improve the security
      and integrity of their systems.
    
      "HP is broadly distributing this Security Bulletin in order to
      bring to the attention of users of the affected HP products the
      important security information contained in this Bulletin. HP
      recommends that all users determine the applicability of this
      information to their individual situations and take appropriate
      action. HP does not warrant that this information is necessarily
      accurate or complete for all user situations and, consequently,
      HP will not be responsible for any damages resulting from
      user's use or disregard of the information provided in this
      Bulletin."
    
    (c)Copyright 2002 Hewlett-Packard Company.
      Hewlett-Packard Company shall not be liable for technical
      or editorial errors or omissions contained herein. The information
      in this document is subject to change without notice.
      Hewlett-Packard Company and the names of Hewlett-Packard
      products referenced herein are trademarks of Hewlett-Packard
      Company in the United States and other countries. Other product
      and company names mentioned herein may be trademarks of
      their respective owners.
    
    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0.1
    
    iQA/AwUBPePRhjnTu2ckvbFuEQJ0+wCgpDPoTmqztSd9HvoOp6oWP9T3DboAniCe
    6btMqvVZWcnEMdV2fJ8dwpKt
    =dmAE
    -----END PGP SIGNATURE-----
    


