HP fixes multiple remote takeover vulnerabilities

HP Tru64 UNIX administrators need to apply vendor patches for highly critical security vulnerabilities that could allow a remote attacker to take over affected systems.

Hewlett-Packard recently announced the fixes for multiple vulnerabilities in its Tru64 Unix operating system, which is the enterprise Unix operating environment for HP AlphaServer systems.

The problem occurs in the IPSec/IKE components of Tru64. IPSec is widely used to provide security, including Virtual Private Network (VPN) support, for the IP protocol. While HP has not specified the nature of the vulnerabilities, they have indicated that the problem is with certificate handling, and could permit remote system access.

The problem is known to affect versions 5.1A PK6(BL24), 5.1B PK2(BL22), and PK3(BL24). No workarounds are available. However, HP has posted patches to fix the problems for 5.1A and for 5.1B.

In January, HP announced fixes for another IPSec problem in Tru64 version 5.1B that also involved system access vulnerability.

Dig deeper on Network Device Management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close