TITLE : HP Tru64 UNIX - SSRT090194 : Cyrus IMAP Vulnerability 

Copyright (c) Hewlett-Packard Company 2009.  All rights reserved.


PRODUCT:    HP Internet Express for Tru64 UNIX
SOURCE:     Hewlett-Packard Company

ECO INFORMATION:

     ECO Name:   T64V51B-IX691-CYRUSIMAP2315-SSRT172-20091124.tar.gz
     ECO Kit Approximate Size: 69.38 MB
     Kit Applies To:  HP Internet Express for Tru64 UNIX 6.9

     ECO Kit CHECKSUMS:
        /usr/bin/sum results:
        53344  71049

        /usr/bin/cksum results:
        1880660993 72753928

        MD5 results:
        7b4d8d07324134d79443063ca7479abb  

        SHA1 results:
        c5e4d16bb6219a8bb290d89d12b9835683a9e9c0     
        
ECO KIT SUMMARY:

A setld-based patch kit exists for HP Internet Express for Tru64 UNIX 6.9
(IX) that contains solution to the following problem:

  A Potential security vulnerability has been reported on Cyrus IMAP running
  on the HP Tru64 UNIX Operating System. The vulnerability could be exploited
  to gain unauthorized privileged access 


Special Installation Instructions

The kit "T64V51B-IX691-CYRUSIMAP2315-SSRT172-20091124.tar.gz" when untarred contains the following :

  -  IAE691-CYRUSIMAP-SSRT172.tar.gz (Installable Kit)
  -  cyrus-imapd-2.3.15.tar.Z (sources)

Installing the kit


1. gunzip T64V51B-IX691-CYRUSIMAP2315-SSRT172-20091124.tar.gz

2. tar xvf T64V51B-IX691-CYRUSIMAP2315-SSRT172-20091124.tar

3. gunzip IAE691-CYRUSIMAP-SSRT172.tar.gz

4. tar xvf IAE691-CYRUSIMAP-SSRT172.tar

5. cd  cyrusimap_kit

6. ls -R
IAE.image      IAECYRIMAP691  IAECYRSASL691  IAEPERL691     INSTCTRL       instctrl

./instctrl:
IAE.image           IAECYRIMAP691.ctrl  IAECYRIMAP691.scp   IAECYRSASL691.inv   IAEPERL691.ctrl     IAEPERL691.scp
IAE691.comp         IAECYRIMAP691.inv   IAECYRSASL691.ctrl  IAECYRSASL691.scp   IAEPERL691.inv

7. setld -l .


SUPERSEDE INFORMATION:

Please note that this IX Cyrus-Imap ERP being delivered, contains the subset IAECYRIMAP691 and the 
IX 6.9 kit will have the subset IAECYRIMAP690. Hence, IX 6.9 Cyrus-Imap will not be allowed to 
overwrite binary delivered by this ERP. All the features present in IX 6.9 Cyrus-Imap are 
available in this ERP.


KNOWN PROBLEMS WITH THE PATCH KIT:

None.


[R] UNIX is a registered trademark in the United States and other countries 
licensed exclusively through X/Open Company Limited.

Copyright Hewlett-Packard Company 2009.  All Rights reserved.

  This software is proprietary to and embodies the confidential technology
  of Hewlett-Packard Company.  Possession, use, or copying of this
  software and media is authorized only pursuant to a valid written license
  from Hewlett-Packard or an authorized sublicensor.

       This ECO has not been through an exhaustive field test process.
       Due to the experimental stage of this ECO/workaround, Hewlett-Packard
       makes no representations regarding its use or performance. The
       customer shall have the sole responsibility for adequate protection
       and back-up data used in conjunction with this ECO/workaround.