SecurityTracker.com
Category:   Application (Security)  >   screend
Vendors:   HPE
'screend' on HP Tru64 UNIX Has Unspecified Flaw That Allows Remote Users to Cause Denial of Service
SecurityTracker Alert ID:  1006630
SecurityTracker URL:  http://securitytracker.com/id/1006630
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Apr 23 2003
Impact:   Denial of service via local system, Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in the 'screend' packet filter on the HP Tru64 UNIX operating system. A remote or local user could cause denial of service conditions.

HP reported that a remote or local user could cause denial of service conditions or generate "undetected network traffic." The nature of the vulnerability was not disclosed. No further details were provided.

Impact:   A remote or local user could cause denial of service conditions.
Solution:   The vendor has issued the following Early Release Patch (ERP) kits:

HP Tru64 UNIX 5.1B
PREREQUISITE: HP Tru64 UNIX with PK1 (BL1) installed
ERP Kit Name: T64V51BB1-C0008100-17827-ES-20030404.tar
Kit Location: http://ftp1.support.compaq.com/public/unix/v5.1a/

For HP Tru64 UNIX 5.1B, update to a minimum of V5.1B PK1 (BL1) and install the ERP kit T64V51BB1-C0008100-17827-ES-20030404.tar


HP Tru64 UNIX 5.1A
PREREQUISITE: HP Tru64 UNIX with PK4 (BL21) installed
ERP Kit Name: T64V51AB21-C0113300-17831-ES-20030404.tar
Kit Location: http://ftp1.support.compaq.com/public/unix/v5.1a/

For HP Tru64 UNIX Server 5.1A PK3 (BL3), update to a minimum of V5.1A PK4 (BL21) and install the ERP kit T64V51AB21-C0113300-17831-ES-20030404.tar


HP Tru64 UNIX 5.1
PREREQUISITE: HP Tru64 UNIX with PK6 (BL20) installed
ERP Kit Name: T64V51B20-C0176800-17832-ES-20030404.tar
Kit Location: http://ftp1.support.compaq.com/public/unix/v5.1/

For HP Tru64 UNIX 5.1 PK5 (BL19), update to a minimum of V5.1 PK6 (BL20) and install ERP kit T64V51B20-C0176800-17832-ES-20030404.tar


HP Tru64 UNIX 5.0A
PREREQUISITE: Tru64 UNIX with PK3 (BL17) installed
HP asks that you submit an IPMT case to request the 5.0A patch kit for this SSRT.


HP Tru64 UNIX 4.0G
PREREQUISITE: HP Tru64 UNIX with PK3 (BL17) installed
ERP Kit Name: T64V40GB17-C0029300-17837-ES-20030404.tar
Kit Location: http://ftp1.support.compaq.com/public/unix/v4.0g/


HP Tru64 UNIX 4.0F
PREREQUISITE: HP Tru64 UNIX with PK7 (BL18) installed
ERP Kit Name: DUV40FB18-C0093500-17836-ES-20030404.tar
Kit Location: http://ftp1.support.compaq.com/public/unix/v4.0f

See the Source Message for additional information about the patch kits.

Vendor URL:  www.hp.com/
Cause:   Not specified
Underlying OS:  UNIX (Tru64)
Underlying OS Comments:  5.1B, 5.1A, 5.1, 5.0A, 4.0G, 4.0F

Message History:   None.


 Source Message Contents

Subject:  HP Tru64 UNIX Security Bulletins Digest (SSRT3498, SSRT3533)




SSRT3498    HP Tru64 UNIX screend Potential Security
                    Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



TITLE: SSRT3498 - HP Tru64 UNIX screend Potential Security
Vulnerability

REVISION: 0


NOTICE: There are no restrictions for distribution of this Bulletin
provided that it remains complete and intact.

RELEASE DATE:  21 April 2003


SEVERITY:  High
 
SOURCE:  HEWLETT-PACKARD COMPANY
                Software Security Response Team
 
REFERENCE:  SSRT3498

PROBLEM SUMMARY

This bulletin will be posted to the support website
within 24 hours of release to -
http://thenew.hp.com/country/us/eng/support.html
Use the SEARCH IN feature box, enter SSRT3498 in the search window.


SSRT3498  screend   (Severity High)

A potential security vulnerability has been reported in the HP Tru64
UNIX operating system that may result in undetected network traffic
or a Denial of Service (DoS). This potential vulnerability may be in
the form of local and remote security domain risks.


VERSIONS IMPACTED

   HP Tru64 UNIX V5.1B

   HP Tru64 UNIX V5.1A 

   HP Tru64 UNIX V5.1 

   HP Tru64 UNIX V5.0A 

   HP Tru64 UNIX V4.0G 

   HP Tru64 UNIX V4.0F


 

NOT IMPACTED 

   HP-UX

   HP-MPE/ix

   HP NonStop Servers

   HP OpenVMS


RESOLUTION



Early Release Patches (ERPs) are now available for all supported
versions of HP Tru64 UNIX/TruCluster Server that provide a solution
to this potential vulnerability. The ERP kits use dupatch to install
and will not install over any Customer Specific Patches (CSPs) which
have file intersections with the ERPs.  Contact your normal support
channel and request HP Tru64 services elevate a case to Support
Engineering if a CSP must be merged with one of the ERPs. Please
review the README file for each patch prior to installation.

The following ERP kits are applicable to any system running HP Tru64
UNIX.  

HP Tru64 UNIX  5.1B
PREREQUISITE:   HP Tru64 UNIX with PK1 (BL1) installed
ERP Kit Name: T64V51BB1-C0008100-17827-ES-20030404.tar
Kit Location:   http://ftp1.support.compaq.com/public/unix/v5.1a/

HP Tru64 UNIX 5.1B - Update to a minimum of V5.1B PK1 (BL1) and
install the ERP kit T64V51BB1-C0008100-17827-ES-20030404.tar

 

HP Tru64 UNIX 5.1A
PREREQUISITE: HP Tru64 UNIX with PK4 (BL21) installed
ERP Kit Name: T64V51AB21-C0113300-17831-ES-20030404.tar 
Kit Location:  http://ftp1.support.compaq.com/public/unix/v5.1a/ 

 

HP Tru64 UNIX Server 5.1A PK3 (BL3) - Update to a minimum of V5.1A
PK4 (BL21) and install the ERP kit
T64V51AB21-C0113300-17831-ES-20030404.tar 


HP Tru64 UNIX 5.1
PREREQUISITE: HP Tru64 UNIX with PK6 (BL20) installed
ERP Kit Name: T64V51B20-C0176800-17832-ES-20030404.tar
Kit Location: http://ftp1.support.compaq.com/public/unix/v5.1/

 

HP Tru64 UNIX 5.1 PK5 (BL19) - Update to a minimum of V5.1 PK6 (BL20)
and install ERP kit T64V51B20-C0176800-17832-ES-20030404.tar


  
HP Tru64 UNIX 5.0A
PREREQUISITE: Tru64 UNIX with PK3 (BL17) installed 
Please submit an IPMT case to request the 5.0A patch kit for this
SSRT. 

 

HP Tru64 UNIX 4.0G
PREREQUISITE:   HP Tru64 UNIX with PK3 (BL17) installed
ERP Kit Name: T64V40GB17-C0029300-17837-ES-20030404.tar
Kit Location: http://ftp1.support.compaq.com/public/unix/v4.0g/


  
HP Tru64 UNIX 4.0F
PREREQUISITE: HP Tru64 UNIX with PK7 (BL18) installed
ERP Kit Name: DUV40FB18-C0093500-17836-ES-20030404.tar
Kit Location: http://ftp1.support.compaq.com/public/unix/v4.0f 

 

Patch Kits for Sierra Clusters (SC) can be obtained by contacting
your normal HP Sierra Cluster Support channel.


Information on how to verify MD5 and SHA1 checksums is
available at: http://www.support.compaq.com/patches/whats-new.shtml

After completing the update, HP strongly recommends that you perform
an immediate backup of the system disk so that any subsequent
restore operations begin with updated software. Otherwise, the
updates must be re-applied after a future restore operation.  Also,
if at some future time the system is upgraded to a later patch
release or version release, reinstall the appropriate ERP.


SUPPORT: For further information, contact HP Services.

SUBSCRIBE: To subscribe to automatically receive future Security
Advisories from the Software Security Response Team via electronic
mail: 
http://www.support.compaq.com/patches/mail-list.shtml 

REPORT: To report a potential security vulnerability with any HP
supported product, send email to: security-alert@hp.com 

As always, HP urges you to periodically review your system management
and security procedures. HP will continue to review and enhance the
security features of its products and work with our customers to
maintain and improve the security and integrity of their systems. 

"HP is broadly distributing this Security Bulletin in order to bring
to the attention of users of the affected HP products the important
security information contained in this Bulletin. HP recommends that
all users determine the applicability of this information to their
individual situations and take appropriate action. HP does not
warrant that this information is necessarily accurate or complete for
all user situations and, consequently, HP will not be responsible for
any damages resulting from user's use or disregard of the information
provided in this Bulletin." 

(c)Copyright 2001, 2003 Hewlett-Packard Development Company, L.P. 
Hewlett-Packard Company shall not be liable for technical or
editorial errors or omissions contained herein. The information in
this document is subject to change without notice. Hewlett-Packard
Company and the names of Hewlett-Packard products referenced herein
are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may
be trademarks of their respective owners. 

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBPqVr1TnTu2ckvbFuEQJG/gCg562XcpUaJWS2f8gmwfi8NVAidKUAoJl0
80U6DxM/0UyssCKNIX2KF+Hg
=eruB
-----END PGP SIGNATURE-----


 
 



Copyright 2021, SecurityGlobal.net LLC