Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

RE: [security bulletin] SSRT2265 HP TruCluster Server Interconnect Potential Security Vulnerability (fwd)

From: Dave Ahmad <da () securityfocus com>
Date: Tue, 5 Nov 2002 10:17:23 -0700 (MST)


David Mirza Ahmad
Symantec

0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB  AB F0 1E 67 C6 1A 26 00 57 12

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SECURITY BULLETIN

REVISION: 0

TITLE: SSRT2265 HP TruCluster Server Interconnect
       Potential Security Vulnerability

NOTICE: There are no restrictions for distribution of
        this Bulletin provided that it remains complete
        and intact.

RELEASE DATE: 04 November 2002

SEVERITY: High

SOURCE:  Compaq Computer Corporation,
         a wholly-owned subsidiary of
         Hewlett-Packard Company and
         Hewlett-Packard Company HP Services
         Software Security Response Team

REFERENCE:  SSRT2265, CVE CAN-2002-0711

PROBLEM SUMMARY

This bulletin will be posted to the support website
within 24 hours of release to
http://thenew.hp.com/country/us/eng/support.html
Use the SEARCH IN feature box, enter SSRT2265
in the search window.


  SSRT2265  Cluster Interconnect  (Severity High)


  A potential security vulnerability has been discovered
  in HP TruCluster Server software that may result in a
denial
  of service (DoS). This potential vulnerability may be in
the
  form of local and remote security domain risks.

VERSIONS IMPACTED

  HP TruCluster Server V5.1A

  HP TruCluster Server  V5.1

  HP TruCluster Server  V5.0A


NOT IMPACTED

  HP-UX

  HP-MPE/ix

  HP NonStop Servers

  HP OpenVMS


RESOLUTION

  HP TruCluster Server - Early Release Patches (ERPs) are
now
  available for all affected versions of HP TruCluster
Server
  product versions. The ERP kits use dupatch to install and
will
  not install over any Customer-Specific-Patches (CSPs)
which
  have file intersections with the ERPs. Contact your
normal support
  channel and request HP Tru64 services elevate a case to
  Support Engineering if a CSP must be merged with one of
the ERPs.

  Please review the README file for each patch prior to
installation.


  HP TruCluster Server 5.1A:
  Prerequisite: V5.1A with Patch Kit 3 (BL3) installed

  ERP Kit Name: tcv51ab3-c0008601-15346-es-20020905.tar
  Kit Location:
ftp://ftp1.support.compaq.com/public/unix/v5.1a/

  HP TruCluster Server V5.1A with PK2 (BL2) installed:
update to a
  minimum of PK3 (BL3) then install ERP
  tcv51ab3-c0008601-15346-es-20020905.tar


  HP TruCluster Server 5.1:
  Prerequisite: V5.1 with Patch Kit 5 (BL19) installed
  ERP Kit Name: tcv51b19-c0030403-15347-es-20020905.tar
  Kit Location:
ftp://ftp1.support.compaq.com/public/unix/v5.1/

  HP TruCluster Server 5.1 with PK4(BL18) installed: update
to a
  minimum of PK5 (BL19) then install ERP
  tcv51b19-c0030403-15347-es-20020905.tar


  HP TruCluster Server 5.0A
  Prerequisite: V5.0A with Patch Kit 3 (BL17) installed
  ERP Kit Name: tcv50ab17-c0005202-15352-es-20020905.tar
  Kit Location:
ftp://ftp1.support.compaq.com/public/unix/v5.0a/

  MD5 and SHA1 checksums are available in the public patch
notice
  and CHECKSUM file for each patch on the FTP site for each
of the
  ERP kits. You can find information on how to verify MD5
and SHA1
  checksums at:
http://www.support.compaq.com/patches/whats-new.shtml

  After completing the update, HP strongly recommends that
you perform
  an immediate backup of your system disk so that any
subsequent
  restore operations begin with updated software.
Otherwise, you
  must reapply the update after a future restore operation.
Also,
  if at some future time you upgrade your system to a later
patch
  version, you may need to reapply the appropriate update.


SUPPORT: For further information, contact HP Services.=20

SUBSCRIBE:
To subscribe to automatically receive future Security
Advisories from the Software Security Response Team via
electronic mail:
http://www.support.compaq.com/patches/mailing-list.shtml=20


REPORT: To report a potential security vulnerability with
any HP or Compaq supported product, send email to:
security-alert () hp com


HP and Compaq appreciate your cooperation and patience. As
always, HP and Compaq urge you to periodically review your
system management and security procedures. HP and Compaq
will continue to review and enhance the security features
of its products and work with our customers to maintain and
improve the security and integrity of their systems. =20
"HP and Compaq are broadly distributing this Security
Bulletin in order to bring to the attention of users of the
affected Compaq products the important security information
contained in this Bulletin. HP and Compaq recommend that
all users determine the applicability of this information
to their individual situations and take appropriate action.
Neither HP nor Compaq warrant that this information is
necessarily accurate or complete for all user situations
and, consequently, neither HP nor Compaq will be
responsible for any damages resulting from user's use or
disregard of the information provided in this Bulletin."

(c)Copyright 2002 Hewlett-Packard Company Hewlett-Packard
Company shall not be liable for technical or editorial
errors or omissions contained herein. The information in
this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard
products referenced herein are trademarks of
Hewlett-Packard Company in the United States and other
countries. Other product and company names mentioned herein
may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPcf/FDnTu2ckvbFuEQL+aQCg4Gz312HjMSSa1X+vgpyUitNZ7xIAn269
+014m2cIgfwf2CBHFFD0u3OH
=pyn4
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: