SEARCH CONTACT US SUPPORT SERVICES PRODUCTS STORE
United States    
COMPAQ STORE | PRODUCTS | SERVICES | SUPPORT | CONTACT US | SEARCH
gears
compaq support options
support home
software & drivers
ask Compaq
reference library
support forum
frequently asked questions
support tools
warranty information
service centers
contact support
product resources
parts for your system
give us feedback
associated links
.
} what's new
.
} contract access
.
} browse patch tree
.
} search patches
.
} join mailing list
.
} feedback
.
patches by topic
.
} DOS
.
} OpenVMS
.
} Security
.
} Tru64 Unix
.
} Ultrix 32
.
} Windows
.
} Windows NT
.
connection tools
.
} nameserver lookup
.
} traceroute
.
} ping

TITLE:SSRT0622-OSIS Potential Security problem when using 'wu-ftpd' Shipped with OSIS and IASS * No Restrictions For Distribution * ______________________________________________________________ UPDATE: NOV 20, 1999 TITLE: Potential Security Problem when using wu-ftpd as a part of Open Source Internet Solutions (OSIS). SOURCE: Compaq Computer Corporation Software Security Response Team x-ref: SSRT0622 "Compaq is broadly distributing this Security Advisory in order to bring to the attention of users of Compaq products the important security information contained in this Advisory. Compaq recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Compaq does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Compaq will not be responsible for any damages resulting from user's use or disregard of the information provided in this Advisory." ------------------------------------------------------ IMPACT: The wu-ftpd version 2.5.0 is the subject of recent CERT and CIAC security advisories and the solution is to upgrade to wu-ftpd 2.6.0. Also, the wu-ftpd as included in IASS V4.2, OSIS V5.0, and OSIS V5.1 was modified to work both with and without Enhanced (C2) Security enabled but in doing so, some of the advanced access and logging features of wu-ftpd (such as guestgroup) were broken. In this patch kit, that problem has been fixed, and it will still work either with or without Enhanced (C2) Security enabled (although accounts with secondary passwords are not supported). ---------------------------------------------------------------------- RESOLUTION: A patch has been provided by the OSIS development engineering group please follow the attached installation instructions. Installation Instructions ------------------------- This patch may be obtained from the World Wide Web at the following FTP address: http://www.support.compaq.com/patches Patch name: SSRT0622-OSIS Unpack the copied tar file and use setld to install it: # tar xf ssrt0622-osis.tar # setld -l ssrt0622-osis.tar Additional Considerations: If you need further information, please contact your normal Compaq Services support channel. Compaq appreciates your cooperation and patience. We regret any inconvenience applying this information may cause. As always, Compaq urges you to periodically review your system management and security procedures. Compaq will continue to review and enhance the security features of its products and work with customers to maintain and improve the security and integrity of their systems. ______________________________________________________________ Copyright (c) Compaq Computer Corporation, 1999 All Rights Reserved. Unpublished Rights Reserved Under The Copyright Laws Of The United States.



This patch can be found at any of these sites:

Colorado Site
Georgia Site



Files on this server are as follows:

ssrt0622-osis.README
ssrt0622-osis.CHKSUM
ssrt0622-osis.tar

privacy and legal statement