Basic search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:3720
HistoryNov 06, 2002 - 12:00 a.m.

[security bulletin] SSRT2265 HP TruCluster Server Interconnect Potential Security Vulnerability (fwd)

2002-11-0600:00:00
vulners.com
10

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SECURITY BULLETIN

REVISION: 0

TITLE: SSRT2265 HP TruCluster Server Interconnect
Potential Security Vulnerability

NOTICE: There are no restrictions for distribution of
this Bulletin provided that it remains complete
and intact.

RELEASE DATE: 04 November 2002

SEVERITY: High

SOURCE: Compaq Computer Corporation,
a wholly-owned subsidiary of
Hewlett-Packard Company and
Hewlett-Packard Company HP Services
Software Security Response Team

REFERENCE: SSRT2265, CVE CAN-2002-0711

PROBLEM SUMMARY

This bulletin will be posted to the support website
within 24 hours of release to
http://thenew.hp.com/country/us/eng/support.html
Use the SEARCH IN feature box, enter SSRT2265
in the search window.

SSRT2265 Cluster Interconnect (Severity High)

A potential security vulnerability has been discovered
in HP TruCluster Server software that may result in a
denial
of service (DoS). This potential vulnerability may be in
the
form of local and remote security domain risks.

VERSIONS IMPACTED

HP TruCluster Server V5.1A

HP TruCluster Server V5.1

HP TruCluster Server V5.0A

NOT IMPACTED

HP-UX

HP-MPE/ix

HP NonStop Servers

HP OpenVMS

RESOLUTION

HP TruCluster Server - Early Release Patches (ERPs) are
now
available for all affected versions of HP TruCluster
Server
product versions. The ERP kits use dupatch to install and
will
not install over any Customer-Specific-Patches (CSPs)
which
have file intersections with the ERPs. Contact your
normal support
channel and request HP Tru64 services elevate a case to
Support Engineering if a CSP must be merged with one of
the ERPs.

Please review the README file for each patch prior to
installation.

HP TruCluster Server 5.1A:
Prerequisite: V5.1A with Patch Kit 3 (BL3) installed

ERP Kit Name: tcv51ab3-c0008601-15346-es-20020905.tar
Kit Location:
ftp://ftp1.support.compaq.com/public/unix/v5.1a/

HP TruCluster Server V5.1A with PK2 (BL2) installed:
update to a
minimum of PK3 (BL3) then install ERP
tcv51ab3-c0008601-15346-es-20020905.tar

HP TruCluster Server 5.1:
Prerequisite: V5.1 with Patch Kit 5 (BL19) installed
ERP Kit Name: tcv51b19-c0030403-15347-es-20020905.tar
Kit Location:
ftp://ftp1.support.compaq.com/public/unix/v5.1/

HP TruCluster Server 5.1 with PK4(BL18) installed: update
to a
minimum of PK5 (BL19) then install ERP
tcv51b19-c0030403-15347-es-20020905.tar

HP TruCluster Server 5.0A
Prerequisite: V5.0A with Patch Kit 3 (BL17) installed
ERP Kit Name: tcv50ab17-c0005202-15352-es-20020905.tar
Kit Location:
ftp://ftp1.support.compaq.com/public/unix/v5.0a/

MD5 and SHA1 checksums are available in the public patch
notice
and CHECKSUM file for each patch on the FTP site for each
of the
ERP kits. You can find information on how to verify MD5
and SHA1
checksums at:
http://www.support.compaq.com/patches/whats-new.shtml

After completing the update, HP strongly recommends that
you perform
an immediate backup of your system disk so that any
subsequent
restore operations begin with updated software.
Otherwise, you
must reapply the update after a future restore operation.
Also,
if at some future time you upgrade your system to a later
patch
version, you may need to reapply the appropriate update.

SUPPORT: For further information, contact HP Services.=20

SUBSCRIBE:
To subscribe to automatically receive future Security
Advisories from the Software Security Response Team via
electronic mail:
http://www.support.compaq.com/patches/mailing-list.shtml=20

REPORT: To report a potential security vulnerability with
any HP or Compaq supported product, send email to:
security-alert@hp.com

HP and Compaq appreciate your cooperation and patience. As
always, HP and Compaq urge you to periodically review your
system management and security procedures. HP and Compaq
will continue to review and enhance the security features
of its products and work with our customers to maintain and
improve the security and integrity of their systems. =20
"HP and Compaq are broadly distributing this Security
Bulletin in order to bring to the attention of users of the
affected Compaq products the important security information
contained in this Bulletin. HP and Compaq recommend that
all users determine the applicability of this information
to their individual situations and take appropriate action.
Neither HP nor Compaq warrant that this information is
necessarily accurate or complete for all user situations
and, consequently, neither HP nor Compaq will be
responsible for any damages resulting from user's use or
disregard of the information provided in this Bulletin."

(c)Copyright 2002 Hewlett-Packard Company Hewlett-Packard
Company shall not be liable for technical or editorial
errors or omissions contained herein. The information in
this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard
products referenced herein are trademarks of
Hewlett-Packard Company in the United States and other
countries. Other product and company names mentioned herein
may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPcf/FDnTu2ckvbFuEQL+aQCg4Gz312HjMSSa1X+vgpyUitNZ7xIAn269
+014m2cIgfwf2CBHFFD0u3OH
=pyn4
-----END PGP SIGNATURE-----

Related for SECURITYVULNS:DOC:3720