|
|
 |
SSRT2275__SSRT2229 Potential Security Vulnerability Patches
|
 |
TITLE: SSRT2275__SSRT2229 Potential Security Vulnerability Patches
New Kit Date: 01-APR-2003
Modification Date: Not Applicable
Modification Type: NEW KIT
Copyright (c) Hewlett-Packard Company 2003. All rights reserved.
PRODUCT: HP Tru64 UNIX [R] 5.1
SOURCE: Hewlett-Packard Company
ECO INFORMATION:
ECO Name: T64V51B20-C0173100-17539-ES-20030324
ECO Kit Approximate Size: 14.67MB
Kit Applies To: HP Tru64 UNIX 5.1 PK6 (BL20)
ECO Kit CHECKSUMS:
/usr/bin/sum results:
14811 15020 T64V51B20-C0173100-17539-ES-20030324.tar
/usr/bin/cksum results:
2597551721 15380480
MD5 results:
f01f5c3b6bd6fbe15405a699216a530c
SHA1 results:
714ed3aa20ea0324480a23a7033c2f3ca2a4b297
ECO KIT SUMMARY:
A dupatch-based, Early Release Patch kit exists for HP Tru64 UNIX 5.1 that
contains solutions to the following problems:
1) Under certain circumstances the potential vulnerability may result
in a denial of service. This may be in the form of local security
domain risks. The potential security vulnerability in the ping
command has been corrected.
- SSRT2229 /usr/sbin/ping (Severity - Medium)
2) Under certain circumstances the potential vulnerability may allow a
non-privileged user to gain unauthorized (root) access by exploiting
a buffer overflow condition. This may be in the form of local and remote
security domain risks. The potential security vulnerability has been
corrected.
Basic Commands and Utilities
- SSRT2277 /usr/bin/ypmatch (Severity - Medium)
- SSRT2261 /usr/sbin/traceroute (Severity - Medium)
- SSRT2260 /usr/sbin/lpc (Severity - Medium)
/usr/bin/lprm
/usr/bin/lpq
/usr/bin/lpr
/usr/lbin/lpd
- SSRT0796U /usr/bin/binmail (Severity - Medium)
- SSRT0794U /usr/bin/ipcs (Severity - Medium)
- SSRT2191 /usr/sbin/quot (Severity - Medium)
- SSRT2189 /usb/bin/at (Severity - Medium)
- SSRT2256 /usr/bin/ps (Severity - Medium)
- SSRT2275 /usr/bin/uux (Severity - Medium)
/usr/bin/uucp (Severity - Medium)
/usr/bin/csh (Severity - Medium)
/usr/bin/rdist (Severity - Medium)
/usr/bin/mh/inc (Severity - Medium)
/usr/bin/mh/msgchk (Severity - Medium)
/usr/sbin/imapd (Severity - Medium)
/usr/bin/deliver (Severity - Medium)
/sbin/.upd..loader (Severity - Medium)
CDE
- SSRT2193 /usr/dt/bin/mailcv (Severity - Medium)
- SSRT2280 /usr/dt/bin/dtterm (Severity - Medium)
- SSRT2282 /usr/dt/bin/dtsession (Severity - Medium)
- SSRT2274 /usr/dt/bin/rpc.ttdbserverd (Severity - High)
SSRT2251
X11
- SSRT2279 /usr/bin/X11/dxterm (Severity - Medium)
- SSRT2275 /usr/bin/X11/dxconsole (Severity - Medium)
/usr/bin/X11/dxpause (Severity - Medium)
/usr/bin/X11/dxsysinfo (Severity - Medium)
Networking
- SSRT2340 /usr/sbin/telnetd (Severity - High)
- SSRT2270 BIND resolver glibc (Severity - High)
- SSRT2309 rpc XDR_ARRAY (Severity - High)
3) Engineering has integrated the SSRT2257 early release patches into
the SSRT2275/SSRT2229 ERP kits, because both need to update libc.
SSRT2257 addressed the following potential security vulnerabilities:
- SSRT2257 /usr/bin/su (Severity - High)
- SSRT2190 /usr/bin/chsh (Severity - Medium)
- SSRT2192 /usr/bin/passwd (Severity - Medium)
- SSRT2259 /usr/bin/chfn (Severity - Medium)
- SSRT2262 /usr/tcb/bin/dxchpwd (Severity - Medium)
The SSRT2275/SSRT2229 ERP kits can be used by customers who have
and have not installed the ERPs for SSRT2257.
The patches in the SSRT2275/SSRT2229 ERP kits are built so they will
install over the SSRT2257 ERPs. However, installation will be blocked
if any other patches have been installed that affect the files
delivered in the SSRT2257 ERPs.
For more information regarding SSRT2257, see Security Bulletin,
SSRT2257 HP Tru64 UNIX /usr/bin/su buffer overflow potential exploit
4) Engineering has also integrated fixes for additional potential
security vulnerabilities into the SSRT2275/SSRT2229 V5.1 BL20 kit.
The fixes all update libc. The description of the additional
potential vulnerabilities follows.
The following potential security vulnerabilities have been
identified or reported in the HP Tru64 UNIX operating system that
may result in unauthorized Privileged Access or a Denial of Service
(DoS). These potential vulnerabilities may be in the form of local
and remote security domain risks.
Severity is (HIGH) on all the potential vulnerabilities:
- SSRT2322 Bind resolver exploit in ISC
- SSRT2384 TCP exploit denies all RPC service
- SSRT2341 calloc() potential overflow
- SSRT2439 xdrmem_getbytes() potential overflow
- SSRT2412 portmapper hang after port scan with C2 enabled
The Patch Kit Installation Instructions and the Patch Summary and Release
Notes documents provide patch kit installation and removal instructions
and a summary of each patch. Please read these documents prior to
installing patches on your system.
INSTALLATION NOTES:
1) Install this kit with the dupatch utility that is included in the patch
kit. You may need to baseline your system if you have manually changed
system files on your system. The dupatch utility provides the baselining
capability.
2) This ERP kit will NOT install over any installed Customer Specific Patches
(CSPs) that have file intersections with this ERP kit. Contact your normal
Service Provider for assistance if the installation of this ERP kit is
blocked by any of your installed CSPs.
3) Some of the patches deliver updated static libraries. If you have
applications that build against the affected static libraries you should
relink those applications post-ERP installation. The following static
libraries are updated if you have the static library subsets installed
on your system:
/usr/ccs/lib/libc.a OSFCMPLRS
/usr/ccs/lib/libc_r.a OSFCMPLRS
/usr/ccs/lib/libtermcap.a OSFPGMR
/usr/ccs/lib/libtermlib.a OSFPGMR
/usr/lib/libICE.a OSFXLIBA
/usr/lib/libX11.a OSFXLIBA
/usr/lib/libXmu.a OSFXLIBA
/usr/lib/libXt.a OSFXLIBA
/usr/ccs/lib/libfilsys.a OSFLIBA
/usr/ccs/lib/libcurses.a OSFLIBA
INSTALLATION PREREQUISITES:
You must have installed HP Tru64 UNIX 5.1 PK6 (BL20) prior to installing
this Early Release Patch Kit.
KNOWN PROBLEMS WITH THE PATCH KIT:
None.
RELEASE NOTES FOR T64V51B20-C0173100-17539-ES-20030324:
Release Notes
This document summarizes the contents and special instructions for the
Tru64 UNIX V5.1 patches contained in this kit.
For information about installing or removing patches, baselining,
and general patch management, see the Patch Kit Installation
Instructions document.
1 Release Notes
This Early Release Patch Kit Distribution contains:
- fixes that resolve the problem(s) reported in:
o 117-2-690 93749 93750 93939 94006 94255 94297 94442
94599 SSRT0796U SSRT2189 SSRT2190 SSRT2191 SSRT2192 SSRT2193
SSRT2229 SSRT2251 SSRT2256 SSRT2257 SSRT2259 SSRT2260 SSRT2261
SSRT2262 SSRT2270 SSRT2274 SSRT2275 SSRT2277 SSRT2279 SSRT2280
SSRT2297 SSRT2309 SSRT2322 SSRT2341 SSRT2384 SSRT2412 SSRT2439
* for Tru64 UNIX V5.1 T64V51B20AS0006-20030210.tar (BL20)
The patches in this kit are being released early for general customer use.
Refer to the Release Notes for a summary of each patch and installation
prerequisites.
Patches in this kit are installed by running dupatch from the directory
in which the kit was untarred. For example, as root on the target system:
> mkdir -p /tmp/CSPkit1
> cd /tmp/CSPkit1
> copy the kit to /tmp/CSPkit1
> tar -xpvf DUV40D13-C0044900-1285-20000328.tar
> cd patch_kit
> ./dupatch
2 Special Instructions
There are no special instructions for Tru64 UNIX V5.1 Patch C1731.00
There are no special instructions for Tru64 UNIX V5.1 Patch C1733.00
There are no special instructions for Tru64 UNIX V5.1 Patch C1341.01
There are no special instructions for Tru64 UNIX V5.1 Patch C1743.00
There are no special instructions for Tru64 UNIX V5.1 Patch C1744.00
There are no special instructions for Tru64 UNIX V5.1 Patch C1745.00
There are no special instructions for Tru64 UNIX V5.1 Patch C1746.00
There are no special instructions for Tru64 UNIX V5.1 Patch C1388.01
There are no special instructions for Tru64 UNIX V5.1 Patch C1747.00
There are no special instructions for Tru64 UNIX V5.1 Patch C1742.00
There are no special instructions for Tru64 UNIX V5.1 Patch C1732.00
There are no special instructions for Tru64 UNIX V5.1 Patch C1737.00
There are no special instructions for Tru64 UNIX V5.1 Patch C1739.00
There are no special instructions for Tru64 UNIX V5.1 Patch C1735.00
There are no special instructions for Tru64 UNIX V5.1 Patch C1734.00
There are no special instructions for Tru64 UNIX V5.1 Patch C1740.00
There are no special instructions for Tru64 UNIX V5.1 Patch C1741.00
There are no special instructions for Tru64 UNIX V5.1 Patch C1748.00
There are no special instructions for Tru64 UNIX V5.1 Patch C1749.00
There are no special instructions for Tru64 UNIX V5.1 Patch C1736.00
There are no special instructions for Tru64 UNIX V5.1 Patch C1738.00
3 Summary of CSPatches contained in this kit
Tru64 UNIX V5.1
PatchId Summary Of Fix
----------------------------------------
C1731.00 Fix for SSRT2275, 2322, 2384, 2341, 2439, 2412 ...
C1733.00 Fix for SSRT2275, uux, uucp
C1341.01 Fix for SSRT2193, mailcv
C1743.00 Fix for SSRT2297, loader
C1744.00 Fix for SSRT2191, quot
C1745.00 Fix for SSRT2191, quot
C1746.00 Fix for SSRT2189, at
C1388.01 Fix for SSRT2251, SSRT2274, rpc.ttdbserverd
C1747.00 Fix for SSRT2256, ps
C1742.00 Fix for SSRT2280, dtterm
C1732.00 Fix for SSRT2275, csh
C1737.00 Fix for SSRT2260, lpq, lpr, lprm
C1739.00 Fix for SSRT2275, libcurses
C1735.00 Fix for SSRT2275, libcurses
C1734.00 Fix for SSRT2275, libtermcap, libtermlib
C1740.00 Fix for SSRT2279, SSRT2280, dtterm, dxterm
C1741.00 Fix for SSRT2279, SSRT2280 dxterm, dtterm
C1748.00 Fix for SSRT2229, ping
C1749.00 Fix for SSRT0796U, binmail
C1736.00 Fix for SSRT2275, telnetd
C1738.00 Fix for SSRT2279, dxterm
4 Additional information from Engineering
None
5 Affected system files
This patch delivers the following files:
Tru64 UNIX V5.1
Patch C1731.00
./sbin/mount
CHECKSUM: 20814 782
SUBSET: OSFBASE510
./sbin/umount
CHECKSUM: 47374 414
SUBSET: OSFBASE510
./shlib/.upd..libc.so
CHECKSUM: 40761 1981
SUBSET: OSFBASE510
./shlib/.upd..libc_r.so
CHECKSUM: 40761 1981
SUBSET: OSFBASE510
./usr/bin/uptime
CHECKSUM: 59053 496
SUBSET: OSFBASE510
./usr/bin/w
CHECKSUM: 59053 496
SUBSET: OSFBASE510
./usr/ccs/lib/libc.a
CHECKSUM: 02797 2370
SUBSET: OSFCMPLRS510
./usr/ccs/lib/libc_r.a
CHECKSUM: 02797 2370
SUBSET: OSFCMPLRS510
./usr/sbin/runclass
CHECKSUM: 16653 408
SUBSET: OSFBASE510
./usr/sbin/ypbind
CHECKSUM: 60127 547
SUBSET: OSFCLINET510
./usr/shlib/libsecurity.so
CHECKSUM: 05397 1430
SUBSET: OSFBASE510
Patch C1733.00
./usr/bin/uucp
CHECKSUM: 31576 862
SUBSET: OSFUUCP510
./usr/bin/uux
CHECKSUM: 02097 850
SUBSET: OSFUUCP510
./usr/lib/nls/msg/en_US.ISO8859-1/uucp.cat
CHECKSUM: 58627 19
SUBSET: OSFUUCP510
Patch C1341.01
./usr/dt/bin/mailcv
CHECKSUM: 55665 125
SUBSET: OSFCDEMAIL510
Patch C1743.00
./sbin/.upd..loader
CHECKSUM: 38401 185
SUBSET: OSFBASE510
Patch C1744.00
./shlib/libfilsys.so
CHECKSUM: 23268 40
SUBSET: OSFBASE510
Patch C1745.00
./usr/ccs/lib/libfilsys.a
CHECKSUM: 10168 25
SUBSET: OSFLIBA510
Patch C1746.00
./usr/bin/at
CHECKSUM: 31067 69
SUBSET: OSFBASE510
Patch C1388.01
./usr/dt/bin/rpc.ttdbserverd
CHECKSUM: 27803 429
SUBSET: OSFCDEMIN510
Patch C1747.00
./sbin/ps
CHECKSUM: 04398 105
SUBSET: OSFBASE510
./usr/bin/ps
CHECKSUM: 02118 87
SUBSET: OSFBASE510
./usr/lib/nls/msg/en_US.ISO8859-1/ps.cat
CHECKSUM: 46700 2
SUBSET: OSFBASE510
Patch C1742.00
./usr/dt/bin/dtterm
CHECKSUM: 35197 493
SUBSET: OSFCDEMIN510
Patch C1732.00
./usr/bin/csh
CHECKSUM: 39598 304
SUBSET: OSFBASE510
Patch C1737.00
./usr/bin/lpq
CHECKSUM: 06112 81
SUBSET: OSFPRINT510
./usr/bin/lpr
CHECKSUM: 38252 90
SUBSET: OSFPRINT510
./usr/bin/lprm
CHECKSUM: 54353 80
SUBSET: OSFPRINT510
./usr/lbin/lpd
CHECKSUM: 21547 179
SUBSET: OSFPRINT510
./usr/lib/nls/msg/en_US.ISO8859-1/printer.cat
CHECKSUM: 36641 17
SUBSET: OSFPRINT510
./usr/sbin/lpc
CHECKSUM: 37605 115
SUBSET: OSFPRINT510
Patch C1739.00
./usr/ccs/lib/libcurses.a
CHECKSUM: 65251 666
SUBSET: OSFLIBA510
Patch C1735.00
./usr/shlib/libcurses.so
CHECKSUM: 46856 511
SUBSET: OSFBASE510
Patch C1734.00
./usr/ccs/lib/libtermcap.a
CHECKSUM: 33004 12
SUBSET: OSFPGMR510
./usr/ccs/lib/libtermlib.a
CHECKSUM: 33004 12
SUBSET: OSFPGMR510
Patch C1740.00
./usr/shlib/libICE.so
CHECKSUM: 21071 139
SUBSET: OSFX11510
./usr/shlib/libX11.so
CHECKSUM: 14243 1409
SUBSET: OSFX11510
./usr/shlib/libXmu.so
CHECKSUM: 53157 131
SUBSET: OSFX11510
./usr/shlib/libXt.so
CHECKSUM: 18684 585
SUBSET: OSFX11510
Patch C1741.00
./usr/lib/libICE.a
CHECKSUM: 63211 133
SUBSET: OSFXLIBA510
./usr/lib/libX11.a
CHECKSUM: 23168 1606
SUBSET: OSFXLIBA510
./usr/lib/libXmu.a
CHECKSUM: 06281 129
SUBSET: OSFXLIBA510
./usr/lib/libXt.a
CHECKSUM: 59876 639
SUBSET: OSFXLIBA510
Patch C1748.00
./sbin/ping
CHECKSUM: 40160 49
SUBSET: OSFCLINET510
./usr/sbin/ping
CHECKSUM: 60060 58
SUBSET: OSFCLINET510
Patch C1749.00
./usr/bin/binmail
CHECKSUM: 59170 50
SUBSET: OSFBASE510
./usr/bin/mail
CHECKSUM: 59170 50
SUBSET: OSFBASE510
./usr/lib/nls/msg/en_US.ISO8859-1/binmail.cat
CHECKSUM: 00159 3
SUBSET: OSFBASE510
Patch C1736.00
./usr/sbin/telnetd
CHECKSUM: 22981 98
SUBSET: OSFCLINET510
Patch C1738.00
./usr/bin/X11/dxterm
CHECKSUM: 43707 737
SUBSET: OSFX11510
[R] UNIX is a registered trademark in the United States and other countries
licensed exclusively through X/Open Company Limited.
Copyright Hewlett-Packard Company 2003. All Rights reserved.
This software is proprietary to and embodies the confidential technology
of Hewlett-Packard Company. Possession, use, or copying of this
software and media is authorized only pursuant to a valid written license
from Hewlett-Packard or an authorized sublicensor.
This ECO has not been through an exhaustive field test process.
Due to the experimental stage of this ECO/workaround, Hewlett-Packard
makes no representations regarding its use or performance. The
customer shall have the sole responsibility for adequate protection
and back-up data used in conjunction with this ECO/workaround.
|
Files on this server are as follows:
|
»t64v51b20-c0173100-17539-es-20030324.README
»t64v51b20-c0173100-17539-es-20030324.CHKSUM
»t64v51b20-c0173100-17539-es-20030324.tar
|
