I don't want to get into trouble from the list gods and perhaps most
of us are on Bugtraq but for those who aren't:
----- Forwarded message from Elias Levy <aleph1_at_SECURITYFOCUS.COM> -----
Subject: Compaq Management Agents for Tru64 UNIX
From: Elias Levy <aleph1_at_SECURITYFOCUS.COM>
To: BUGTRAQ_at_SECURITYFOCUS.COM
Date: Fri, 06 Apr 2001 17:42:30 -0600
Reply-to: aleph1_at_SECURITYFOCUS.COM
Date: Fri, 6 Apr 2001 17:30:45 -0600
From: system PRIVILEGED account <root_at_nfsserver.support.compaq.com>
To: "Unix Patch Mailing List" <unix_at_list.support.compaq.com>
Subject: Compaq Management Agents for Tru64 UNIX
Reply-To: ECO-Queries_at_compaq.com
*******************************************************************************
* *
* This is an update to an existing patch... *
* *
* Online links can be found at *
* http://ftp.support.compaq.com/patches/public/unix/v4.0f/mupssrt0715u_cpqim_01.README
*******************************************************************************
TITLE: Compaq Management Agents for Tru64 UNIX
PATCH IDENTIFICATION: MUPssrt0715u_cpqim_01
CATEGORY: Software Update
OPERATING SYSTEM: Tru64 UNIX V4.0f, 4.0g, 5.0, 5.0a and 5.1
EFFECTIVE DATE: 4/05/2001
ELECTRONIC DISTRIBUTION ALLOWED: Yes
DESCRIPTION:
This is a Mandatory software update which contains a new version of the
Compaq Management Agents for Tru64 UNIX. This Patch Kit supersedes
the MUPssrt0705_cpqim patch kit for Tru64 UNIX.
Enhancements/Fixes:
This Security Advisory addresses a potential security vulnerability in
Compaq web-enabled software, which can act as a generic proxy server. Internal
traffic going out to the Internet can bypass a normal proxy server filtering
by using TCP/IP port 2301 and external traffic may be able to infiltrate
internal networks if there is no additional firewall protection.
Compaq strongly recommends that web-enabled agents and utilities are deployed
only in private networks and are not used on the open Internet or on systems
outside the bounds of the firewall. The implementation of sound security
practices, which includes disabling access to non-essential ports, such as
the Compaq Management ports :2301 and :280, should help to protect customers
from external malicious attacks. Compaq also recommends that strong passwords
are used and are changed regularly.
WARNING:
THIS KIT MUST BE RE-INSTALLED FOLLOWING AN OS UPDATE TO TRU64 UNIX V4.0F,
4.0G, 5.0, 5.0A, OR 5.1. FAILURE TO DO SO WILL RESULT IN THE INTRODUCTION
OF THE SSRT0705 and SSRT0715 SECURITY VULNERABILITIES.
Instructions on how to apply this software update
-------------------------------------------------
The software update is in a file (MUPssrt0715u_cpqim_01.tar) which contains
an updated version of the agents in setld format.
The goal will be for an administrator to download the software update from
this FTP site, copy it to the target Tru64 UNIX System and extract the files.
If you are applying this patch to a cluster, perform the steps below on one
cluster member only, providing that all members are running.
The following steps provide detailed instructions:
Step 1: As super user (root) create a temporary directory on the target
Tru64 UNIX Alpha System, ie: /usr/tmp/patch
Download the tar file into that directory.
Step 2: Uncompress and extract the target files
# cd /usr/tmp/patch
# /usr/bin/tar xvf MUPssrt0715u_cpqim_01.tar
A directory named cpqim222 will be extracted. It contains the setld
kit files.
Step 3: Install the setld kit:
# /usr/sbin/setld -l cpqim222
Step 4: Follow the setld instructions.
Step 5: When the installation is complete, delete the temporary subdirectory
on the target server.
# rm -r /usr/tmp/patch
============================================================================
Copyright 2001, Compaq Computer Corporation. All rights reserved.
Compaq does not warrant that this information is necessarily
accurate or complete for all user situations and, consequently,
Compaq will not be responsible for any damages resulting from
user's use or disregard of the information provided in this
document.
Product names mentioned herein may be trademarks and/or registered
trademarks of their respective companies.
----- End forwarded message -----
--
Daniel Monjar (mailto:dmonjar_at_orgtek.com)
Received on Mon Apr 09 2001 - 13:17:16 NZST
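
Added example, not part of the forwarded advisory or of Compaq's kit: a check an administrator could run to see whether the management ports the advisory names (:2301 and :280) are listening on anything other than loopback. The function names and the sample netstat lines are constructed for illustration; the sample assumes BSD-style (addr.port) output and also accepts the addr:port form.

```shell
#!/bin/sh
# Ports the advisory calls the Compaq Management ports.
MGMT_PORTS="2301 280"

# Read `netstat -an` text on stdin and print "port local-address" for every
# TCP listener on a management port that is not bound to loopback only.
exposed_mgmt_listeners() {
    awk -v ports="$MGMT_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            la = $4
            # The port is the trailing number after the last "." or ":".
            k = match(la, /[.:][0-9]+$/)
            if (k == 0) next
            port = substr(la, k + 1)
            addr = substr(la, 1, k - 1)
            if (!(port in want)) next
            # A loopback-only listener is not reachable from the network.
            if (addr == "127.0.0.1" || addr == "::1" || addr == "localhost") next
            print port, la
        }'
}

# Constructed sample input (not captured from a real system).
sample_netstat() {
cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  *.2301                 *.*                    LISTEN
tcp        0      0  127.0.0.1.280          *.*                    LISTEN
tcp        0      0  *.22                   *.*                    LISTEN
tcp        0      0  10.0.0.5.2301          10.0.0.9.51514         ESTABLISHED
tcp        0      0  0.0.0.0:280            0.0.0.0:*              LISTEN
EOF
}

# Demo on the sample; on a live host use: netstat -an | exposed_mgmt_listeners
sample_netstat | exposed_mgmt_listeners
```

Any line it prints is a listener that should be closed off or covered by a packet filter, in line with the advisory's recommendation to disable access to these ports.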