Tru64 UNIX Potential Security Vulnerability

by Nikola Strahija on February 2nd, 2002

It has been reported to Compaq that Tru64 UNIX has a potential security vulnerability with its utilization of temporary files in the shell programs and system startup or management scripts. The potential security vulnerability can only be exploited by users who have access to your local security domain.


PROBLEM SUMMARY:

(1). (SSRT1-41U) It has been reported to Compaq that
Tru64 UNIX has a potential security vulnerability with
its utilization of temporary files in the shell programs
and system startup or management scripts.

Because the potential security vulnerability can only be
exploited by users who have access to your local security
domain, the risk is diminished. Many systems operate in
a "turn key" mode where login access exists only for system
administration. These systems are not at risk.
Examples of these systems are file servers and web servers.

There are things that can be done to reduce the potential
vulnerability and exposure. A set of Compaq guidelines is
available from the Compaq Services web page at:

http://www.support.compaq.com/sec/system-protections-tru64.html

(2). (SSRT0742U, SSRT0759U) A potential security vulnerability
has been reported, where under certain circumstances, system
integrity may be compromised. This may be in the form of
improper privileged application core file access.
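
Item (1) concerns temporary files in shell programs and startup scripts. As an added example (not Compaq's code and not taken from the advisory), the shell functions below flag one common form of this bug class, a PID-based file name under /tmp, and create scratch space safely. The function names and the sample script are constructed, and the advisory does not say which pattern the affected Tru64 scripts use.

```shell
#!/bin/sh
# Added illustration of the temp-file bug class; not Compaq's code.

# Flag lines that build a temp path from the shell's PID ($$) under /tmp or
# /var/tmp: a name another local user can predict and create first.
audit_tmp_use() {
    grep -nE '/(var/)?tmp/[^[:space:]]*\$\$' "$1"
}

# Create a private scratch directory and print its path.
# mktemp -d picks an unpredictable name and never reuses an existing path.
# Fallback: mkdir is atomic and fails if the path already exists (even as a
# symlink), so the script stops instead of writing through a planted entry.
make_private_tmpdir() {
    prefix="${TMPDIR:-/tmp}/${1:-script}"
    if command -v mktemp >/dev/null 2>&1; then
        ( umask 077 && mktemp -d "$prefix.XXXXXX" )
    else
        d="$prefix.$$.$(date +%H%M%S)"
        ( umask 077 && mkdir "$d" ) && printf '%s\n' "$d"
    fi
}

# Constructed sample: a startup-style script with one predictable temp file.
sample_findings() {
    work=$(make_private_tmpdir audit) || return 1
    cat > "$work/rc.sample" <<'EOF'
#!/bin/sh
TMP=/tmp/rc.$$
ps -e > $TMP
LOG=/var/adm/rc.log
sort $TMP >> $LOG
rm -f $TMP
EOF
    audit_tmp_use "$work/rc.sample"
    status=$?
    rm -rf "$work"
    return $status
}

sample_findings   # prints the flagged line(s) with their line numbers
```

A script flagged by `audit_tmp_use` can be reworked to keep its scratch files inside the directory returned by `make_private_tmpdir` and remove that directory on exit.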


VERSIONS IMPACTED:

All supported versions as well as recent prior versions.
The affected versions include but are not limited to Tru64 UNIX
versions V5.1a, V5.1, V5.0a, V5.0, V4.0g, V4.0f and V4.0d.

RESOLUTION:


Early Release Patches (ERPs) are available for all supported
versions of Tru64 UNIX (4.0F, 4.0G, 5.0A, 5.1 and 5.1A) and, as a
courtesy, for V4.0D and V4.0F, as support for these two has just
recently ended.


To obtain the patch or patches needed, connect to the
FTP site ftp://ftp.support.compaq.com/public/unix/,
choose the version directory required and download the
appropriate patch.


---------------------
Early Release Patches
---------------------

Until the Tru64 UNIX fixes are generally available in
mainstream patch kits, Compaq recommends use of the following
Early Release Patch (ERP) kits:

Tru64 UNIX 4.0D:
Prerequisite: 4.0D with Patch Kit 9 (BL17) installed
ERP Kit Name: DUV40DB17-C0061401-12858-E-20020115.tar
Kit Location: http://ftp1.support.compaq.com/public/unix/v4.0d/

Tru64 UNIX 4.0F:
Prerequisite: 4.0F with Patch Kit 6 (BL17) installed
ERP Kit Name: DUV40FB17-C0061801-12860-E-20020115.tar
Kit Location: http://ftp1.support.compaq.com/public/unix/v4.0f/

Prerequisite: 4.0F with Patch Kit 7 (BL18) installed
ERP Kit Name: DUV40FB18-C0065000-12930-E-20020122.tar
Kit Location: http://ftp1.support.compaq.com/public/unix/v4.0f/

Tru64 UNIX 4.0G:
Prerequisite: 4.0G with Patch Kit 3 (BL17) installed
ERP Kit Name: T64V40GB17-C0009303-12856-E-20020115.tar
Kit Location: http://ftp1.support.compaq.com/public/unix/v4.0g/

Tru64 UNIX 5.0:
Prerequisite: 5.0 with Patch Kit 4 (BL17) installed
ERP Kit Name: T64V50B17-C0006900-12861-E-20020115.tar
Kit Location: http://ftp1.support.compaq.com/public/unix/v5.0/

Tru64 UNIX 5.0A:
Prerequisite: 5.0A with Patch Kit 3 (BL17) installed
ERP Kit Name: T64V50AB17-C0017601-12862-E-20020115.tar
Kit Location: http://ftp1.support.compaq.com/public/unix/v5.0a/

Tru64 UNIX 5.1:
Prerequisite: 5.1 with Patch Kit 3 (BL17) installed
ERP Kit Name: T64V51B17-C0095501-12931-E-20020122.tar
Kit Location: http://ftp1.support.compaq.com/public/unix/v5.1/

Prerequisite: 5.1 with Patch Kit 4 (BL18) installed
ERP Kit Name: T64V51B18-C0094800-12864-E-20020115.tar
Kit Location: http://ftp1.support.compaq.com/public/unix/v5.1/

Tru64 UNIX 5.1A:
Prerequisite: 5.1A with Patch Kit 1 (BL1) installed
ERP Kit Name: T64V51AB1-C0008900-12954-E-20020124.tar
Kit Location: http://ftp1.support.compaq.com/public/unix/v5.1a/

MD5 and SHA1 checksums are available in the public patch notice for
the ERP kits. You can find information on how to verify MD5 and SHA1
checksums at:
http://www.support.compaq.com/patches/whats-new.shtml


The fixes contained in the early release patch (ERP) kits will be
available in the next aggregate patch kits for each supported product
release as follows:
- Tru64 UNIX 4.0F PK8
- Tru64 UNIX 4.0G PK3
- Tru64 UNIX 5.0A PK4
- Tru64 UNIX 5.1 PK5
- Tru64 UNIX 5.1A PK2

NOTE: (1) Please review the README file(s) for each patch prior
to installation.

After completing the update, Compaq strongly recommends that
you perform an immediate backup of your system disk so that
any subsequent restore operations begin with updated software.
Otherwise, you must reapply the update after a future
restore operation. Also, if at some future time you upgrade your
system to a later patch version, you may need to reapply the
appropriate update.

