HP reports 'highly critical' Tru64 flaws

Serious vulnerabilities have been discovered in Hewlett-Packard Co.'s implementations of IPSec and SSH in Tru64 Unix.

Hewlett-Packard Co. is warning Tru64 administrators of "highly critical" vulnerabilities that could lead to local or remote unauthorized system access or denial of service. HP has released patches for both flaws.

HP has declined to specify the nature of the vulnerabilities, except to say that they are in HP's implementation of IPSec and SSH.

The locations of the vulnerabilities are ironic, in that both IPSec and SSH are intended to provide security features to operating systems. IPSec is used to create encrypted, secure VPN tunnels for passing information between IP-based systems. SSH (Secure Shell) offers secure versions of network commands including rsh, rlogin and rcp, and applications such as telnet and ftp. Users commonly employ SSH to log-in to and execute commands on remote computers securely, as well as establish secure communications between two computers.

Affected versions of HP Tru64 UNIX include V5.1B PK2 (BL22) and PK3 (BL24), and V5.1A running IPSec and SSH software kits earlier than IPSec 2.1.1 and SSH 3.2.2. The vulnerabilities are not present in IPSec version 2.1.1 and SSH version 3.2.2.

HP Tru64 UNIX, which runs on the inherited AlphaServer line, is in the process of being replaced by HP-UX. Tru64 has exhibited vulnerability issues before, including privilege escalation, denial of service and specific issues with SSH in August 2003.

FOR MORE INFORMATION:

Download IPSec patch

Download SSH patch

Dig deeper on IPsec VPN Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close