-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2001.187 --
               COMPAQ Security Advisory SSRT1-85U
                      Tru64 UNIX - xntpd overflow
                                4 May 2001

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                xntpd
Vendor:                 Compaq
Operating System:       Compaq Tru64 UNIX 4.0d
                        Compaq Tru64 UNIX 4.0f
                        Compaq Tru64 UNIX 4.0g
                        Compaq Tru64 UNIX 5.0
                        Compaq Tru64 UNIX 5.0a
                        Compaq Tru64 UNIX 5.1
                        Unix
Impact:                 Increased Privileges
Access Required:        Remote

Ref:                    ESB-2001.139
                        ESB-2001.140
                        ESB-2001.141
                        ESB-2001.149

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

** NO RESTRICTIONS **
** FOR DISTRIBUTION **

====================================================
TITLE:  SSRT1-85U - xntpd potential buffer overflow
SOURCE: Compaq Computer Corporation, Software Security Response Team
====================================================
Date:     02-MAY-2001
SEVERITY: HIGH

PROBLEM STATEMENT SUMMARY:

Compaq continues to take a serious approach to the quality and security
of all its software products and makes every effort to address issues
and provide solutions in a timely manner.

In line with this commitment, Compaq is responding to recent concerns of
a potential buffer overflow with xntpd. The Network Time Protocol daemon
for Compaq Tru64 UNIX contains a potential buffer overflow (even though
it would be difficult to exploit) that may allow unauthorized access to
bin privileges.

IMPACT:

Compaq's Tru64 UNIX V4.0d, V4.0f, V4.0g, V5.0, V5.0a, V5.1

SOLUTION:

Compaq Tru64 UNIX engineering has provided a fix for this potential
problem.

NOTE: The solutions will be included in future releases of Tru64 UNIX
aggregate patch kits. Until that has happened, the kits identified below
should be reinstalled after an upgrade to any affected version listed.

The patches identified are available from the Compaq FTP site

    http://ftp1.support.compaq.com/public/dunix/

then choose the version directory needed and search for the patch by
name. Please review the applicable readme and install files prior to
installation.

Patches:

    V4.0D:  DUV40D16-C0058302-10580-20010430.tar
    V4.0F:  DUV40F16-C0042002-10579-20010430.tar
    V4.0G:  T64V40G16-C0003502-10577-20010430.tar
    V5.0:   T64V5016-C0006102-10575-20010430.tar
    V5.0A:  T64V50A16-C0010402-10574-20010430.tar
    V5.1:   T64V513-C0027202-10573-20010430.tar

NOTE: A patch for Compaq Tru64 UNIX V4.0e is not available, as that
release is no longer supported by Compaq. If you require a patch for
V4.0e, please contact your normal Compaq Services channel.

Compaq appreciates your cooperation and patience. We regret any
inconvenience applying this information may cause.

As always, Compaq urges you to periodically review your system
management and security procedures. Compaq will continue to review and
enhance the security features of its products and work with customers to
maintain and improve the security and integrity of their systems.

(c) Copyright 2001 Compaq Computer Corporation. All rights reserved

To subscribe to automatically receive future NEW Security Advisories
from Compaq's Software Security Response Team via electronic mail, use
your browser to open the URL

    http://www.support.compaq.com/patches/mailing-list.shtml

and select "Security and Individual Notices" for immediate dispatch
notifications directly to your mailbox.

To report new Security Vulnerabilities, send mail to:

    security-ssrt@compaq.com

=============================================
COMPAQ AND/OR ITS RESPECTIVE SUPPLIERS MAKE NO REPRESENTATIONS ABOUT THE
SUITABILITY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED
GRAPHICS AND/OR SOFTWARE PUBLISHED ON THIS SERVER FOR ANY PURPOSE. ALL
SUCH DOCUMENTS AND RELATED GRAPHICS ARE PROVIDED "AS IS" WITHOUT
WARRANTY OF ANY KIND AND ARE SUBJECT TO CHANGE WITHOUT NOTICE. THE
ENTIRE RISK ARISING OUT OF THEIR USE REMAINS WITH THE RECIPIENT. IN NO
EVENT SHALL COMPAQ AND/OR ITS RESPECTIVE SUPPLIERS BE LIABLE FOR ANY
DIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL, PUNITIVE OR OTHER DAMAGES
WHATSOEVER (INCLUDING WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS
PROFITS, BUSINESS INTERRUPTION, OR LOSS OF BUSINESS INFORMATION), EVEN
IF COMPAQ HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

- -----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOvDA+KgxZJFjvD74EQIcQgCfTZEG+9t09c6DPEZB/Ez/VehVI5sAnAhQ
X4McRxZlZeJ27lWFf6ndo+PV
=FExB
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to use any or all of this
information is the responsibility of each user or organisation, and
should be done so in accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still
current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved
from:

    http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business
                hours which are GMT+10:00 (AEST).
                On call after hours for emergencies.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key

iQCVAwUBOvK27Sh9+71yA2DNAQHJpwP8CYPfqQy7MlTrw3TTexZLRx8tedXk31EO
Lqw0EPokjKBsn170oQQvmfvGs/GrrXCdF4QXgO0vOB5MPdc1VDN33XDS4B43Haoa
RK/Q2kjoFqAldXBsDqKF66XPU6GIM5iSPCPolQ3bvEuBY7kQZi4P2SXMq4dFUuYw
I5PlvLzXs9c=
=d97A
-----END PGP SIGNATURE-----