SSRT4688 rev.1 HP-UX rpc.ypupdated remote unauthorized access

Secure Home | Search | About

Lost Password?

General Computer Security

get this group's latest topics as an RSS feed

add this group's latest topics to your My MSN content

add this group's latest topics to your My Yahoo content

add this group's latest topics to your Google content

Subject	Author	Date
SSRT4688 rev.1 HP-UX rpc.ypupdated remote unauthorized access	Security Alert	02-24-2005

Posted by Security Alert on February 24, 2005, 12:40 pm

If you were Registered and logged in, you could reply and use other advanced thread options

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HP SECURITY BULLETIN

HPSBUX01002 REVISION: 1

SSRT4688 rev.1 HP-UX rpc.ypupdated remote unauthorized access

NOTICE:
There are no restrictions for distribution of this Security
Bulletin provided that it remains complete and intact.

The information in this Security Bulletin should be acted upon
as soon as possible.

INITIAL RELEASE:
22 February 2005

POTENTIAL SECURITY IMPACT:
Remote unauthorized access.

SOURCE:
Hewlett-Packard Company
HP Software Security Response Team

VULNERABILITY SUMMARY:
A potential security vulnerability has been found in HP-UX running
rpc.ypupdated. The vulnerability could be exploited to allow
remote unauthorized access.

REFERENCES:
CERT Advisory CA-1995-17

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.00, B.11.11, B.11.22, B.11.23.

BACKGROUND:
This issue has been reported in CERT Advisory CA-1995-17.

< http://www.cert.org/advisories/CA-1995-17.html>

AFFECTED VERSIONS

Note: To determine if a system has an affected version,
search the output of "swlist -a revision -l fileset"
for an affected fileset. Then determine if the
recommended patch or update is installed.

HP-UX B.11.23
For Integrity (IA) servers
=============
NFS.NIS2-SERVER
action: install PHNE_30095 or subsequent

HP-UX B.11.23
->For HP 9000 (PA) servers
=============
NFS.NIS2-SERVER
->action: install PHKL_31500 or subsequent

HP-UX B.11.22
=============
NFS.NIS2-SERVER
action: install PHNE_30084 or subsequent

HP-UX B.11.11
=============
NFS.NIS-SERVER
action: install PHNE_29783 or subsequent

HP-UX B.11.00
=============
NFS.NIS-SERVER
action: install PHNE_29785 or subsequent

END AFFECTED VERSIONS

RESOLUTION:
HP has made the following patches available from
http://itrc.hp.com to resolve the issue:

HP-UX B.11.23 (IA) - PHNE_30095 or subsequent
->HP-UX B.11.23 (PA) - PHKL_31500 or subsequent
HP-UX B.11.22 - PHNE_30084 or subsequent
HP-UX B.11.11 - PHNE_29783 or subsequent
HP-UX B.11.00 - PHNE_29785 or subsequent

MANUAL ACTIONS: No

BULLETIN REVISION HISTORY:
Revision 0: 23 March 2004
Initial release.

Revision 1: 22 February 2004
Added PHKL_31500.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQhx5iOAfOvwtKn1ZEQI3JQCdEb5WcRbHkly24f83uldCVd0u9moAoLkq
p7YPGBAo6Qfo2+M8jl6adTcp
=v+Lx
-----END PGP SIGNATURE-----

--
Yours truly,
HP S/W Security Team
WTEC Cupertino, California

Return-Path: secure@cup.hp.com
Reply-to: security-alert@hp.com

Similar Threads	Posted
SSRT4688 rev.0 HP-UX rpc.ypupdated remote unauth. access	April 8, 2004, 6:11 am
SSRT4688 rev.0 HP-UX rpc.ypupdated remote unauth. access	May 17, 2004, 2:20 pm
SSRT4773 rev.0 HP-UX xfs and stmkfont remote unauthorized access	July 26, 2004, 12:36 pm
SSRT4883 ftp and ftpd remote unauthorized access	December 24, 2004, 12:45 pm
SSRT4773 rev.1 HP-UX xfs and stmkfont remote unauthorized access	January 26, 2005, 1:13 pm
SSRT4694 rev.0 - HP-UX ftpd remote unauthorized access	February 25, 2005, 12:35 pm
SSRT4874 rev.0 - HP-UX Ignite-UX Remote Unauthorized Access	August 16, 2005, 4:50 pm
SSRT4874 rev.1 - HP-UX Ignite-UX Remote Unauthorized Access	August 25, 2005, 7:26 pm
SSRT051043 rev.0 - Apache Remote Unauthorized access	October 7, 2005, 11:25 am
SSRT4727 rev.0 OpenView Operations remote unauthorized access	April 8, 2004, 6:32 am

The site map in XML format XML site map