New Version Insight Manager Web Agent for Compaq Tru64 UNIX V4.0F TITLE: New Version of the Insight Manager Web Agent

TITLE: New Version Insight Manager Web Agent for Compaq Tru64 UNIX V4.0F
 
           * No Restrictions For Distribution *

______________________________________________________________
UPDATE:                                          JUNE 11, 1999


  TITLE: New Version of the Insight Manager Web Agent 
         for Compaq's Tru64/Digital UNIX V4.0f

  Cross-Ref: "Compaq Management Agents Security Advisory"  
              Located at http://www.compaq.com/sysmanage

          
  SOURCE: Compaq Computer Corporation
          Software Security Response Team 

  "Compaq is broadly distributing this Security Advisory in order
   to bring to the attention of users of Compaq products the
   important security information contained in this Advisory. 
   Compaq recommends that all users determine the applicability of
   this information to their individual situations and take
   appropriate action.

   Compaq does not warrant that this information is necessarily
   accurate or complete for all user situations and, consequently,
   Compaq will not be responsible for any damages resulting from
   user's use or disregard of the information provided in this
   Advisory."

----------------------------------------------------------------------
IMPACT:
                                                                       
 This patch fixes a potential security vulnerability in the web-enabling  
 portion of the Compaq Insight Management Agents for Tru64 UNIX.  This 
 security vulnerability may allow read access to files whose location and 
 filename are known and located on the same file system where the agents 
 are installed. 
  
 *Compaq Management Agents for Compaq OpenVMS are not affected in any way. 


----------------------------------------------------------------------
RESOLUTION:

 This potential security vulnerability has been resolved and a patch for 
 this problem has been made available for Tru64/DIGITAL UNIX V4.0f with 
 or without Patch Kit 1.

        
 *This solution will be included in future distributed releases of 
  Compaq's DIGITAL UNIX. 

  This patch may be obtained from the World Wide Web at the following 
  FTP address:

              http://www.support.compaq.com/patches

      Patch file name: SSRT0612U_im_upd06991.tar 
        
      Use the FTP access option via browse patch tree,
      select DIGITAL_UNIX directory then choose the appropriate 
      version directory and download the patch accordingly. 

  Note: 
      There is a README file with this patch: SSRT0612U_im_upd06991_cvrlet.txt
              

 Additional Considerations:

   If you need further information, please contact your normal 
   Compaq Services support channel.

   Compaq appreciates your cooperation and patience. We regret any
   inconvenience applying this information may cause.

   As always, Compaq urges you to periodically review your system
   management and security procedures. 

   Compaq will continue to review and enhance the security
   features of its products and work with customers to maintain and
   improve the security and integrity of their systems.

  ______________________________________________________________  
  Copyright (c) Compaq Computer Corporation, 1999 All
  Rights Reserved.
  Unpublished Rights Reserved Under The Copyright Laws Of
  The United States.
  ______________________________________________________________

Files on this server are as follows:

»ssrt0612u_im_upd06991.README
»ssrt0612u_im_upd06991.CHKSUM
»ssrt0612u_im_upd06991.CVRLET_TXT
»ssrt0612u_im_upd06991.tar
»ssrt0612u_im_upd06991.CVRLET_TXT