HP fixes multiple remote takeover vulnerabilities
Hewlett-Packard recently announced the fixes for multiple vulnerabilities in its Tru64 Unix operating system, which is the enterprise Unix operating environment for HP AlphaServer systems.
The problem occurs in the IPSec/IKE components
of Tru64. IPSec is widely used to provide security, including Virtual Private Network (VPN) support, for the IP protocol. While HP has not specified the nature of the vulnerabilities, they have indicated that the problem is with certificate handling, and could permit remote system access.
The problem is known to affect versions 5.1A PK6(BL24), 5.1B PK2(BL22), and PK3(BL24). No workarounds are available. However, HP has posted patches to fix the problems for 5.1A and for 5.1B.
In January, HP announced fixes for another IPSec problem in Tru64 version 5.1B that also involved system access vulnerability.