Article

HP reports 'highly critical' Tru64 flaws

Edmund X. DeJesus, Contributor

Hewlett-Packard Co. is warning Tru64 administrators of "highly critical" vulnerabilities that could lead to local or remote unauthorized system access or denial of service. HP has released patches for both flaws.

HP has declined to specify the nature of the vulnerabilities, except to say that they are in HP's implementation of IPSec and SSH.

The locations of the vulnerabilities are ironic, in that both IPSec and SSH are intended to provide security features to operating systems. IPSec is used to create encrypted, secure VPN tunnels for passing information between IP-based systems. SSH (Secure Shell) offers secure versions of network commands including rsh, rlogin and rcp, and applications such as telnet and ftp. Users commonly employ SSH to log-in to and execute commands on remote computers securely, as well as establish secure communications between two computers.

Affected versions of HP Tru64 UNIX include V5.1B PK2 (BL22) and PK3 (BL24), and V5.1A running IPSec and SSH software kits earlier than IPSec 2.1.1 and SSH 3.2.2. The vulnerabilities are not present in IPSec version 2.1.1 and SSH version 3.2.2.

HP Tru64 UNIX, which runs on the inherited AlphaServer line, is in the process of being replaced by HP-UX. Tru64 has exhibited vulnerability issues before, including privilege escalation, denial of service and specific issues with SSH in August 2003.

FOR MORE INFORMATION:

    Requires Free Membership to View

Download IPSec patch

Download SSH patch


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: