TITLE: SSRT4717 - HP Tru64 UNIX - Potential OpenSSL Security Vulnerabilities Copyright (c) Hewlett-Packard Company 2004. All rights reserved. PRODUCT: BINDv9 9.2.0 for Tru64 UNIX 5.1A and 5.1B SOURCE: Hewlett-Packard Company ECO INFORMATION: ECO Name: T64V51AB-IX621-BIND920-SSRT4717.tar ECO Kit Approximate Size: 13.5 MB Kit Applies To: Tru64 5.1A or 5.1B systems on latest supported base levels. # /usr/bin/cksum T64V51AB-IX621-BIND920-SSRT4717.tar 3229552350 14080000 T64V51AB-IX621-BIND920-SSRT4717.tar # /usr/bin/sum T64V51AB-IX621-BIND920-SSRT4717.tar 63893 13750 T64V51AB-IX621-BIND920-SSRT4717.tar ECO KIT SUMMARY: A setld-based patch kit exists for BINDv9 that contains solutions to the following problem(s): Potential security vulnerability has been identified in OpenSSL which is used by BINDv9 9.2.0 that may be exploitable resulting in Denial of Service(DoS). BINDv9 is distributed via the Internet Express(IX) set of products available for Tru64 UNIX. o SSRT4717 Internet Express BINDv9 (Severity - High) Cross References: CAN-2004-0079 HP has addressed these potential vulnerabilities with this patched version of BINDv9 9.2.0. The Patch Kit Installation Instructions and the Patch Summary and Release Notes documents provide patch kit installation and removal instructions and a summary of each patch. Please read these documents prior to installing patches on your system. The patches in this ERP kit are scheduled to be available in the next mainstream Internet Express (IX) release: V6.3. ********************************** Special Installation Instructions: ********************************** This patch kit is needed if you have the Bind subset from IX V6.2 (IAEBIND620) or older installed. To install this patch kit: # su root # tar xvf T64V51AB-IX621-BIND920-SSRT4717.tar # cd bind_kit # setld -l . IAEBIND621 To remove this patch kit: # su root # setld -d IAEBIND621 INSTALLATION PREREQUISITES: You must have Tru64 UNIX 5.1B or 5.1A installed with the latest supported base level prior to installing this Patch Kit. KNOWN PROBLEMS WITH THE PATCH KIT: None. [R] UNIX is a registered trademark in the United States and other countries licensed exclusively through X/Open Company Limited. Copyright Hewlett-Packard Company 2004. All Rights reserved. This software is proprietary to and embodies the confidential technology of Hewlett-Packard Company. Possession, use, or copying of this software and media is authorized only pursuant to a valid written license from Hewlett-Packard or an authorized sublicensor. This ECO has not been through an exhaustive field test process. Due to the experimental stage of this ECO/workaround, Hewlett-Packard makes no representations regarding its use or performance. The customer shall have the sole responsibility for adequate protection and back-up data used in conjunction with this ECO/workaround.