-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
** NO RESTRICTIONS **
** FOR DISTRIBUTION **
====================================================
TITLE: SSRT1-85U - xntpd potential buffer overflow
SOURCE: Compaq Computer Corporation,
Software Security Response Team
====================================================
Date: 02-MAY-2001
SEVERITY: HIGH
PROBLEM STATEMENT SUMMARY:
Compaq continues to take a serious approach to the quality
and security of all its software products and makes every
effort to address issues and provide solutions in a timely
manner. In line with this commitment, Compaq is responding
to recent concerns of a potential buffer overflow with xntpd.
The Network Time Protocol daemon (xntpd) for Compaq Tru64 UNIX
contains a potential buffer overflow that, although it would be
difficult to exploit, may allow unauthorized access to bin
privileges.
IMPACT:
Compaq's Tru64 UNIX V4.0d, V4.0f, V4.0g, V5.0, V5.0a, V5.1
SOLUTION:
Compaq Tru64 UNIX engineering has provided a fix for this
potential problem.
NOTE: The solutions will be included in future releases of
Tru64 UNIX aggregate patch kits. Until that has happened
the kits identified should be reinstalled accordingly after an
upgrade to any affected version listed.
The patches identified are available from the Compaq FTP site:
http://ftp1.support.compaq.com/public/dunix/
Choose the version directory needed and search for the patch
by name.
Please review the applicable readme and install files prior
to installation.
Patches:
V4.0D: DUV40D16-C0058302-10580-20010430.tar
V4.0F: DUV40F16-C0042002-10579-20010430.tar
V4.0G: T64V40G16-C0003502-10577-20010430.tar
V5.0: T64V5016-C0006102-10575-20010430.tar
V5.0A: T64V50A16-C0010402-10574-20010430.tar
V5.1: T64V513-C0027202-10573-20010430.tar
NOTE: A patch for Compaq Tru64 UNIX V4.0e is not available
as it is no longer supported by Compaq. If you require a patch
for V4.0e please contact your normal Compaq Services channel.
Compaq appreciates your cooperation and patience. We regret any
inconvenience applying this information may cause.
As always, Compaq urges you to periodically review your system
management and security procedures. Compaq will continue to
review and enhance the security features of its products and work
with customers to maintain and improve the security and integrity
of their systems.
(c) Copyright 2001 Compaq Computer Corporation. All rights reserved.
To subscribe to automatically receive future NEW Security
Advisories from Compaq's Software Security Response Team
via electronic mail, use your browser to select the URL
http://www.support.compaq.com/patches/mailing-list.shtml
Select "Security and Individual Notices" for immediate dispatch
notifications directly to your mailbox.
To report new Security Vulnerabilities, send mail to:
security-ssrt_at_compaq.com
=============================================
COMPAQ AND/OR ITS RESPECTIVE SUPPLIERS MAKE
NO REPRESENTATIONS ABOUT THE SUITABILITY OF
THE INFORMATION CONTAINED IN THE DOCUMENTS
AND RELATED GRAPHICS AND/OR SOFTWARE PUBLISHED
ON THIS SERVER FOR ANY PURPOSE. ALL SUCH
DOCUMENTS AND RELATED GRAPHICS ARE PROVIDED
"AS IS" WITHOUT WARRANTY OF ANY KIND AND ARE
SUBJECT TO CHANGE WITHOUT NOTICE. THE ENTIRE RISK
ARISING OUT OF THEIR USE REMAINS WITH THE RECIPIENT.
IN NO EVENT SHALL COMPAQ AND/OR ITS RESPECTIVE
SUPPLIERS BE LIABLE FOR ANY DIRECT, CONSEQUENTIAL,
INCIDENTAL, SPECIAL, PUNITIVE OR OTHER DAMAGES
WHATSOEVER (INCLUDING WITHOUT LIMITATION,
DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS
INTERRUPTION, OR LOSS OF BUSINESS INFORMATION),
EVEN IF COMPAQ HAS BEEN ADVISED OF THE POSSIBILITY
OF SUCH DAMAGES.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBOvDA+KgxZJFjvD74EQIcQgCfTZEG+9t09c6DPEZB/Ez/VehVI5sAnAhQ
X4McRxZlZeJ27lWFf6ndo+PV
=FExB
-----END PGP SIGNATURE-----
Received on Thu May 03 2001 - 12:07:48 NZST