TITLE: SSRT0622-OSIS Potential Security Problem when using 'wu-ftpd' Shipped
with OSIS and IASS
* No Restrictions For Distribution *
______________________________________________________________
UPDATE: NOV 20, 1999
TITLE: Potential Security Problem when using wu-ftpd as a part
of Open Source Internet Solutions (OSIS).
SOURCE: Compaq Computer Corporation
Software Security Response Team
x-ref: SSRT0622
"Compaq is broadly distributing this Security Advisory in order
to bring to the attention of users of Compaq products the
important security information contained in this Advisory.
Compaq recommends that all users determine the applicability of
this information to their individual situations and take
appropriate action.
Compaq does not warrant that this information is necessarily
accurate or complete for all user situations and, consequently,
Compaq will not be responsible for any damages resulting from
user's use or disregard of the information provided in this
Advisory."
------------------------------------------------------
IMPACT:
wu-ftpd version 2.5.0 is the subject of recent CERT and CIAC
security advisories, and the solution is to upgrade to wu-ftpd 2.6.0.
Also, the wu-ftpd included in IASS V4.2, OSIS V5.0, and OSIS
V5.1 was modified to work both with and without Enhanced (C2)
Security enabled, but in doing so, some of the advanced access
and logging features of wu-ftpd (such as guestgroup) were broken.
This patch kit fixes that problem, and wu-ftpd will
still work either with or without Enhanced (C2) Security enabled
(although accounts with secondary passwords are not supported).
----------------------------------------------------------------------
RESOLUTION:
A patch has been provided by the OSIS development engineering group.
Please follow the attached installation instructions.
Installation Instructions
-------------------------
This patch may be obtained from the World Wide Web at the
following FTP address:
http://www.service.digital.com/patches
Patch name: SSRT0622-OSIS
Unpack the copied tar file and use setld to install it:
# tar xf ssrt0622-osis.tar
# setld -l ssrt0622-osis.tar
Additional Considerations:
If you need further information, please contact your normal
Compaq Services support channel.
Compaq appreciates your cooperation and patience. We regret any
inconvenience applying this information may cause.
As always, Compaq urges you to periodically review your system
management and security procedures.
Compaq will continue to review and enhance the security
features of its products and work with customers to maintain and
improve the security and integrity of their systems.
______________________________________________________________
Copyright (c) Compaq Computer Corporation, 1999 All
Rights Reserved.
Unpublished Rights Reserved Under The Copyright Laws Of
The United States.
This patch can be found at any of these sites:
Colorado Site
Georgia Site
European Site
Files on this server are as follows:
ssrt0622-osis.README
ssrt0622-osis.CHKSUM
ssrt0622-osis.tar