Bugtraq mailing list archives
Re: from bugtraq: HP-UX 11.0 /usr/bin/kermit (fwd)
From: Frank da Cruz <fdc () columbia edu>
Date: Fri, 2 May 2003 17:42:30 EDT
I see. The problem is that the latest patch for kermit in HP-UX 11.0 is PHCO_22665 . This kermit patch does not increase version of kermit, it only patches known kermit(v. 6.0.192) vulnerabilities. I have kermit v.6.0.192,shipped with default HP-UX 11.0 install and patched with latest HP security patch for it. ... It would be a perfect solution, but most sysadmins do not download newer software from third parties, but patches existing software from OS vendor. As I mentioned, new kermit versions were released, but AFAIK HP didn't make any patches to upgrade existing ones shipped earlier. ... I meant that patches should be released by HP. ... My point is : I have kermit with latest HP patches, an it is vulnerable. There are newer C-Kermit releases, but HP has no upgrade patch for it...Did i miss something?
I submit all new Kermit versions of Kermit to HP. I include HP in the development and test cycles. They are supposed to update their copies. OK, let me try some of the HP-UX systems at: http://www.testdrive.hp.com/ Here's what I find: HP-UX spe175 B.11.22 U ia64 rx2600 C-Kermit 8.0.200, 12 Dec 2001, for HP-UX 11.00 This one is fairly current - it has the buffer overflow fixes. HP-UX spe169 B.11.11 U 9000/800/A500-7X C-Kermit 7.0.197, 8 Feb 2000, for HP-UX 11.00 This one is four years newer than the one you found but it is before the buffer overflow fixes. I suspect that HP ships newer Kermit versions with newer OS versions, but does not issue new Kermit patches for older OS versions. If that is true, then you have a point. But: . HP probably wants you upgrade your OS version. They don't want to maintain patches for every combination of C-Kermit version and HP-UX version. . The current version is always available direct from us, for EVERY version of HP-UX on EVERY hardware platform. See: http://www.columbia.edu/kermit/ck80binaries.html#hp - Frank
Current thread:
- Re: from bugtraq: HP-UX 11.0 /usr/bin/kermit (fwd) Frank da Cruz (May 02)
- Re: from bugtraq: HP-UX 11.0 /usr/bin/kermit (fwd) Elmar Knipp (May 03)
- <Possible follow-ups>
- Re: from bugtraq: HP-UX 11.0 /usr/bin/kermit (fwd) Frank da Cruz (May 03)