SSRT0588U COMPAQ COMPUTER CORPORATION ADVISORY
TITLE: SSRT0588U COMPAQ COMPUTER CORPORATION ADVISORY
_____________________________________________________________
UPDATE: May 7, 1999
UPDATE TYPE: Reloaded Kit to FTP Site
TITLE: DIGITAL UNIX V3.2g V4.0, V4.0a, V4.0b, V4.0c, V4.0d, V4.0e
- Potential Security Vulnerability
ref#: SSRT0588U "edauth"
SOURCE: Compaq Computer Corporation
Software Security Response Team
"Compaq is broadly distributing this Security Advisory in order
to bring to the attention of users of Compaq products the
important security information contained in this Advisory.
Compaq recommends that all users determine the applicability of
this information to their individual situations and take
appropriate action.
Compaq does not warrant that this information is necessarily
accurate or complete for all user situations and, consequently,
Compaq will not be responsible for any damages resulting from
user's use or disregard of the information provided in this
Advisory."
----------------------------------------------------------------------
IMPACT:
A potential vulnerability with the /usr/tcb/bin/edauth command
has recently been discovered for Compaq's DIGITAL UNIX software, where
under certain circumstances, an authorized user may gain unauthorized
security information.
----------------------------------------------------------------------
RESOLUTION:
This potential security problem has been resolved and a
patch for this problem has been made available for
Compaq's DIGITAL UNIX V3.2g and V4.0 to V4.0e.
*This solution will be included in a future distributed release of
Compaq's DIGITAL UNIX.
Patch ID: ssrt0588u.tar.gz
This patch may be obtained from the World Wide Web at the
following FTP address:
http://www.support.compaq.com/patches
Use the FTP access option, select UNIX directory
then choose the appropriate version directory and
download the patch accordingly.
Note: [1] The appropriate patch kit must be installed
following any upgrade to V3.2g, V4.0, V4.0a, V4.0b, V4.0c,
V4.0d, V4.0e. If you upgrade from one version to
another, i.e., V4.0b to V4.0d you should re-install
this patch.
[1.a] V3.2g, V4.0, V4.0e installations:
This patch may be installed on any patch kit base level.
V40.a thru V4.0d installations:
Requires a minimum of patch kit base level 10 (BL10)
be installed prior to the installation of this kit.
[2] IMPORTANT - Please review all README and
RELEASE NOTES which are related to this patch,
prior to installation of this patch.
Additional Considerations:
The following components are updated by these patch:
/usr/ccs/lib/libsecurity.a
/usr/shlib/libsecurity.so
If you believe you have, or aren't sure if you have, previously
installed a patch to any of these modules you should contact your
normal Compaq Services support channel.
Also, if you need further information, please contact your normal
Compaq Services support channel.
Compaq appreciates your cooperation and patience. We regret any
inconvenience applying this information may cause.
As always, Compaq urges you to periodically review your system
management and security procedures.
Compaq will continue to review and enhance the security
features of its products and work with customers to maintain and
improve the security and integrity of their systems.
______________________________________________________________
Copyright (c) Compaq Computer Corporation, 1999 All
Rights Reserved.
Unpublished Rights Reserved Under The Copyright Laws Of
The United States.
______________________________________________________________
This patch can be found at any of these sites:
Colorado Site
Georgia Site
Files on this server are as follows:
ssrt0588u.README
ssrt0588u.CHKSUM
ssrt0588u.tar.gz
|