MAILbus 400 Message Transfer Agent and Application Program Interface, Version X3.1-1 for HP Tru64 UNIX This Cover Letter lists the functional changes that have been introduced in Version X3.1-1 of MAILbus 400 MTA and MAILbus 400 Application Program Interface (API). Functional Changes: ------------------- MTA Version X3.1-1 is based on MTA V3.1 and it includes the fix for ASN.1 Vulnerabilities. 1. Fix for SSRT3624 X.400 potential security vulnerability via ASN.1 cross reference: NISCC (006489) A potential denial of service has been identified that may allow a remote initiated Buffer Overflow when malformed ASN.1 messages are submitted. This potential buffer overflow has been fixed in this version. Installation Prerequisites and Procedure: ----------------------------------------- Versions of Tru64 UNIX that this patch should be installed on: This patch should be installed on all the Tru64 UNIX machines that are running MAILbus 400 MTA V3.1. Installing Version X3.1-1: To install this kit, follow the instructions given in "MAILbus 400 Installing on Tru64 UNIX System Version 3.1". o Make sure you install one of the following configurations of prerequisite software: To install the TruCluster enabled MAILbus 400 MTA V3.1 on a non-cluster system, make sure you install one of the following configurations of prerequisite software: - Tru64 UNIX V4.0G DECnet-Plus for Tru64 UNIX V4.0C or later Tru64 UNIX Enterprise Directory V5.0 or later. - Tru64 UNIX V5.0, V5.1, V5.1A or later DECnet-Plus for Tru64 UNIX 5.0-1 or later Tru64 UNIX Enterprise Directory V5.0 or later To install the TruCluster enabled MAILbus 400 MTA V3.1 on a TruCluster system, make sure you install the following configurations of prerequisite software: - Tru64 UNIX V5.1 (Rev. 732) or later; TruCluster Server T5.1-10 (Rev. 387) or later; DECnet-Plus for Tru64 UNIX V5.0A-1 (Rev. 4.4) or later; Tru64 UNIX Enterprise Directory V5.0 or later (not required for the API); Note: Note1: Due to limitation in the Schema supplied with X.500 Directory service V4.0-25 not all features within V3.1 of the MTA are available with this version of directory Note2: If your system is running DECnet V4.0C, V5.0-1, V5.0A-1 or V5.1 you need to install the "libdnamgmt.so" DECnet patch. Note3: The Port 200 will be registered for 'mta_api_ server' service in the file /etc/clua_services as 'in_ multi, static' during the MTA installation process on a Trucluster environment. Note4: When installing MTA on a TruCluster environment, Port 102 has to be registered for 'rfc1006' in the file /etc/clua_services as 'in_multi,static,out_alias'. Following is a brief description about the Installation procedure on a non clustered environment: (For detailed installation procedure, refer the steps described in the Manual "MAILbus 400 Installing on Tru64 UNIX System Version 3.1") 1. Copy the tar file to a directory, for example, /tmp1, on the target node. 2. Create a temporary directory, for example, /tmp2, to contain the MTA and API subsets. 3. Change current directory to /tmp2. 4. Unpack the tar file into this directory, for example: # tar -xvf /tmp1/mailbus_400_mta.tar 5. You can now install MTA X3.1.1 from the temporary directory: # setld -l . When you deinstall the MTA, the MTA startup script (/var/mta /scripts/ start_mta.ncl) is renamed to /var/mta/scripts/start_ mta.ncl.savn, where n is a number. The MTA installation pro- cedure installs a new template /var/mta/scripts/start_mta.ncl file. After the subsets have been successfully installed, reap- ply your saved changes to the new copy of the start_mta.ncl file. For the MAILbus 400 API, if you are using the archive libraries on Tru64 UNIX, you will need to relink your application after you has installed Version X3.1.1. The version number of this kit when displayed using NCL manage- ment is X3.1.1 To identify this kit, type the following command: # what /usr/sbin/mta/mta | grep MAILbus the following is the response from this command MAILbus 400 MTA (X3.1-1) Fri Nov 21 12:46:06 IST 2003 Problem reporting: ------------------ Problems relating specifically to this kit should be reported through your normal HP support channel.