HP fixes multiple remote takeover vulnerabilities

By Edmund X. DeJesus, Contributing Writer 09 Mar 2004 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Hewlett-Packard recently announced the fixes for multiple vulnerabilities in its Tru64 Unix operating system, which is the enterprise Unix operating environment for HP AlphaServer systems.

The problem occurs in the IPSec/IKE components of Tru64. IPSec is widely used to provide security, including Virtual Private Network (VPN) support, for the IP protocol. While HP has not specified the nature of the vulnerabilities, they have indicated that the problem is with certificate handling, and could permit remote system access.

The problem is known to affect versions 5.1A PK6(BL24), 5.1B PK2(BL22), and PK3(BL24). No workarounds are available. However, HP has posted patches to fix the problems for 5.1A and for 5.1B.

In January, HP announced fixes for another IPSec problem in Tru64 version 5.1B that also involved system access vulnerability.

Digg This!     StumbleUpon     Del.icio.us

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary