ISS X-Force recently announced a vulnerability in the Tooltalk service
on Tru64 (rpc.ttdbserverd), and other Unixes, at
http://xforce.iss.net/alerts/advise98.php
The advisory recommends:
     Compaq Computer Corporation
     Compaq has identified the vulnerability and made patches available.
     This patch may be obtained from the following URL address:
     http://www.support.compaq.com/patches/
     Select BROWSE PATCH TREE and choose the version directory
     required.
     The patch names are:
       DUV40F17-C0056200-11703-ER-*.tar
       T64V40G17-C0007000-11704-ER-*.tar
       T64V50A17-C0015500-11705-ER-*.tar
       T64V5117-C0065200-11706-ER-*.tar
       T64V51Assb-C0000800-11707-ER-*.tar
     Note: The asterisk in the filename indicates the remainder of the
     tarfile name may change depending on the applicable date.
     
     This patch can be installed on: 
     V4.0f, V4.0g             all patch kits
     V5.0a, V5.1, and V5.1a   all patch kits
Perhaps I am just a bit dim, but I can't seem to find these patches on
ftp.support.compaq.com in /public/unix/<version>/, or on
http://ftp.support.compaq.com/patches/.new/security.shtml.  Am I just
overlooking something obvious, or are these patches not really
available?
This is particularly troubling considering the recent bugtraq posting
at 
http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=217021&start=2001-09-24&end=2001-09-30
which describes how to exploit a format string vulnerability on the
alpha.
Received on Thu Oct 04 2001 - 19:23:05 NZST