======================================================================= Hewlett-Packard OpenVMS ECO Cover Letter ======================================================================= ECO NUMBER: DCE_030_SSRT3608-V0100 PRODUCT: OpenVMS DCE OPERATING SYSTEM V0.0 UPDATE PRODUCT: OpenVMS DCE OPERATING SYSTEM V0.0 1 KIT NAME: DCE_030_SSRT3608-V0100 2 KIT DESCRIPTION: 2.1 Installation Rating: INSTALL_2: To be installed by all customers using the following feature(s): - DCE and/or RPC This installation rating, based upon current CLD information, is provided to serve as a guide to which customers should apply this remedial kit. (Reference attached Disclaimer of Warranty and Limitation of Liability Statement) 2.2 Reboot Requirement: No reboot is necessary after successful installation of the kit. See Section 7.3 Special Installation Instructions for pre and post installation tasks. 2.3 Version(s) of OpenVMS to which this kit may be applied: OpenVMS Alpha V6.2 through V7.3-1 2.4 New functionality or new hardware support provided: No. 3 KITS SUPERSEDED BY THIS KIT: - None. 4 KIT DEPENDENCIES: 4.1 The following remedial kit(s), or later, must be installed BEFORE installation of this, or any required kit: - V7.3-1 : DEC-AXPVMS-VMS731_PCSI-V0100--4.PCSI - V7.3 : DEC-AXPVMS-VMS73_PCSI-V0100--4.PCSI Page 2 - V7.2-2 : DEC-AXPVMS-VMS722_PCSI-V0100--4.PCSI 4.2 In order to receive all the corrections listed in this kit, the following remedial kits, or later, should also be installed: - DEC-AXPVMS-DCOM_013_SSRT3608-V0100--4.PCSI 5 FILES PATCHED OR REPLACED: o [SYSLIB]DCE$LIB_SHR.EXE (new image for Alpha V7.2 and higher) Image Identification Information: image name: "DCE$LIB_SHR" image file identification: "DCE V3.0-020926" image file build identification: "" link date/time: 18-AUG-2003 05:40:41.73 linker identification: "A11-50" o [SYSLIB]DCE$LIB_SHR.EXE (new image for Alpha versions prior to V7.2) Image Identification Information: image name: "DCE$LIB_SHR" image file identification: "DCE V3.0-020930" image file build identification: "" link date/time: 20-AUG-2003 07:06:04.27 linker identification: "A11-20" 6 PROBLEMS ADDRESSED IN THIS KIT 6.1 New problems addressed in the DCE_030_SSRT3608-V0100 kit 6.1.1 Denial Of Service 6.1.1.1 Problem Description: A potential denial of service has been identified on OpenVMS systems with DCE or COM installed. These OpenVMS system could be vunerable to a remote initated Buffer Overflow which would result a hang of DCE or COM applications on OpenVMS. In addition to the DCE_030_SSRT3608-V0100 ECO kit, OpenVMS customers with DCE or RPC applications in use on their systems should apply the recommended DCOM_013_SSRT3608-V0100 patch as soon as possible to prevent applications hangs. Page 3 Images Affected: - [SYSLIB]DCE$LIB_SHR.EXE 6.1.1.2 CLDs, and QARs reporting this problem: 6.1.1.3 CLD(s) None. 6.1.1.4 QAR(s) None. 6.1.1.5 Problem Analysis: See Problem Description 6.1.1.6 Work-arounds: None. 7 INSTALLATION INSTRUCTIONS: 7.1 Installation Command Install this kit with the POLYCENTER Software installation utility by logging into the SYSTEM account, and typing the following at the DCL prompt: PRODUCT INSTALL DCE_030_SSRT3608 /SOURCE=[location of Kit] The kit location may be a tape drive, CD, or a disk directory that contains the kit. Additional help on installing PCSI kits can be found by typing HELP PRODUCT INSTALL at the system prompt 7.2 Scripting of Answers to Installation Questions During installation, this kit will ask and require user response to several questions. If you wish to automate the installation of this kit and avoid having to provide responses to these questions, you must create a DCL command procedure that includes the following definitions and commands: - $ DEFINE/SYS NO_ASK$BACKUP TRUE Page 4 - Add the following qualifiers to the PRODUCT INSTALL command and add that command to the DCL procedure. /PROD=DEC/BASE=AXPVMS/VER=V1.0 - De-assign the logicals assigned For example, a sample command file to install the DCE_030_SSRT3608-V0100 kit would be: $ $ DEFINE/SYS NO_ASK$BACKUP TRUE $! $ PROD INSTALL DCE_030_SSRT3608/PROD=DEC/BASE=AXPVMS/VER=V1.0 $! $ DEASSIGN/SYS NO_ASK$BACKUP $! $ exit 7.3 Special Installation Instructions: One of the following commands must be run prior to installing this kit: o Fully configured DCE V3.0 systems: @SYS$MANAGER:DCE$SETUP CLEAN o RPC only configured systems: @SYS$MANAGER:DCE$RPC_SHUTDOWN One of the following commands must be run after the kit installation completes: o Fully configured DCE V3.0 systems: @SYS$MANAGER:DCE$SETUP START o RPC only configured systems: @SYS$MANAGER:DCE$RPC_STARTUP Page 5 8 COPYRIGHT AND DISCLAIMER: (C) Copyright 2003 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP and/or its subsidiaries required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. Neither HP nor any of its subsidiaries shall be liable for technical or editorial errors or omissions contained herein. The information in this document is provided "as is" without warranty of any kind and is subject to change without notice. The warranties for HP products are set forth in the express limited warranty statements accompanying such products. Nothing herein should be construed as constituting an additional warranty. DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY THIS PATCH IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE EXTENT PERMITTED BY APPLICABLE LAW. IN NO EVENT WILL COMPAQ BE LIABLE FOR ANY LOST REVENUE OR PROFIT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, WITH RESPECT TO ANY PATCH MADE AVAILABLE HERE OR TO THE USE OF SUCH PATCH.