Jump to page titleUNITED STATES
hp.com home products and services support and drivers solutions how to buy
» contact hp


more options
 
hp.com home
End of Jump to page title
HP Services Software Patches
Jump to content


» software & drivers
» ask Compaq
» reference library
» forums & communities
» support tools
» warranty information
» contact support
» parts
» give us feedback

patches by topic
» DOS
» OpenVMS
» Security
» Tru64 Unix
» Ultrix 32
» Windows
» Windows NT

associated links
» what's new
» contract access
» browse patch tree
» search patch tree
» join mailing list

connection tools
» nameserver lookup
» traceroute
» ping


Find Support Information and Customer Communities for Presario.
Content starts here
SSRT0588U COMPAQ COMPUTER CORPORATION ADVISORY TITLE: DIGITAL UNIX V3.2g V4.0, V4.0a, V4.0b, V4.0c, V4.0d, V4.0e
TITLE: SSRT0588U COMPAQ COMPUTER CORPORATION ADVISORY
 
_____________________________________________________________
UPDATE:                                         FEB  15,  1999


  TITLE: DIGITAL UNIX V3.2g V4.0, V4.0a, V4.0b, V4.0c, V4.0d, V4.0e
         - Potential Security Vulnerability
        ref#: SSRT0588U "edauth"


  SOURCE: Compaq Computer Corporation
          Software Security Response Team


 "Compaq is broadly distributing this Security Advisory in order
 to bring to the attention of users of Compaq products the
 important security information contained in this Advisory.
 Compaq recommends that all users determine the applicability of
 this information to their individual situations and take
 appropriate action.

 Compaq does not warrant that this information is necessarily
 accurate or complete for all user situations and, consequently,
 Compaq will not be responsible for any damages resulting from
 user's use or disregard of the information provided in this
 Advisory."

----------------------------------------------------------------------
IMPACT:

  A potential vulnerability with the /usr/tcb/bin/edauth command
  has recently been discovered for Compaq's DIGITAL UNIX software, where
  under certain circumstances, an authorized user may gain unauthorized
  security information.


----------------------------------------------------------------------
RESOLUTION:


 This potential security problem has been resolved and a
 patch for this problem has been made available for
 Compaq's DIGITAL UNIX V3.2g and V4.0 to V4.0e.

 *This solution will be included in a future distributed release of
  Compaq's DIGITAL UNIX.


Patch ID:     ssrt0588u.tar.gz


  This patch may be obtained from the World Wide Web at the
  following FTP address:
 
http://www.support.compaq.com/patches

        Use the FTP access option, select UNIX directory
        then choose the appropriate version directory and
        download the patch accordingly.

  Note: [1]  The appropriate patch kit must be installed
        following any upgrade to V3.2g, V4.0, V4.0a, V4.0b, V4.0c,
        V4.0d, V4.0e.  If you upgrade from one version to
        another, i.e., V4.0b to V4.0d you should re-install
        this patch.

        [1.a]  V3.2g, V4.0, V4.0e installations:
                  This patch may be installed on any  patch kit base level.
                    
                  V40.a thru V4.0d installations:
                  Requires a minimum of patch kit base level 10 (BL10) 
                  be installed prior to the installation of this kit.
              
        [2]   IMPORTANT - Please review all README and
                RELEASE NOTES which are related to this patch, 
                prior to installation of this patch.

 Additional Considerations:

   The following components are updated by these patch:

        /usr/ccs/lib/libsecurity.a
        /usr/shlib/libsecurity.so

   If you believe you have, or aren't sure if you have, previously
   installed a patch to any of these modules you should contact your
   normal Compaq Services support channel.

   Also, if you need further information, please contact your normal
   Compaq Services support channel.

   Compaq appreciates your cooperation and patience. We regret any
   inconvenience applying this information may cause.

   As always, Compaq urges you to periodically review your system
   management and security procedures.

   Compaq will continue to review and enhance the security
   features of its products and work with customers to maintain and
   improve the security and integrity of their systems.
  ______________________________________________________________
  Copyright (c) Compaq Computer Corporation, 1999 All
  Rights Reserved.
  Unpublished Rights Reserved Under The Copyright Laws Of
  The United States.
  ______________________________________________________________


Files on this server are as follows:
»ssrt0588u.README
»ssrt0588u.CHKSUM
»ssrt0588u.tar.gz
privacy statement using this site means you accept its terms