• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

HP TruCluster Server Interconnect Potential Security Vulnerability
SSRT2265
Published: 2002-11-04 16:32:22
Updated: 2002-11-04 16:32:22

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SECURITY BULLETIN

REVISION: 0

TITLE: SSRT2265 HP TruCluster Server Interconnect
       Potential Security Vulnerability

NOTICE: There are no restrictions for distribution of
        this Bulletin provided that it remains complete
        and intact.

RELEASE DATE: 04 November 2002

SEVERITY: High

SOURCE:  Compaq Computer Corporation,
         a wholly-owned subsidiary of
         Hewlett-Packard Company and
         Hewlett-Packard Company HP Services
         Software Security Response Team

REFERENCE:  SSRT2265, CVE CAN-2002-0711

PROBLEM SUMMARY

This bulletin will be posted to the support website within 24 hours
of release to http://thenew.hp.com/country/us/eng/support.html
Use the SEARCH IN feature box, enter SSRT2265 in the search window.


  SSRT2265  Cluster Interconnect  (Severity High)


  A potential security vulnerability has been discovered
  in HP TruCluster Server software that may result in a denial
  of service (DoS). This potential vulnerability may be in the
  form of local and remote security domain risks.

VERSIONS IMPACTED

  HP TruCluster Server V5.1A

  HP TruCluster Server  V5.1

  HP TruCluster Server  V5.0A


NOT IMPACTED

  HP-UX

  HP-MPE/ix

  HP NonStop Servers

  HP OpenVMS


RESOLUTION

  HP TruCluster Server - Early Release Patches (ERPs) are now
  available for all affected versions of HP TruCluster Server
  product versions. The ERP kits use dupatch to install and will
  not install over any Customer-Specific-Patches (CSPs) which
  have file intersections with the ERPs. Contact your normal support
  channel and request HP Tru64 services elevate a case to
  Support Engineering if a CSP must be merged with one of the ERPs.

  Please review the README file for each patch prior to installation.


  HP TruCluster Server 5.1A:
  Prerequisite: V5.1A with Patch Kit 3 (BL3) installed

  ERP Kit Name: tcv51ab3-c0008601-15346-es-20020905.tar
  Kit Location: ftp://ftp1.support.compaq.com/public/unix/v5.1a/

  HP TruCluster Server V5.1A with PK2 (BL2) installed: update to a
  minimum of PK3 (BL3) then install ERP
  tcv51ab3-c0008601-15346-es-20020905.tar


  HP TruCluster Server 5.1:
  Prerequisite: V5.1 with Patch Kit 5 (BL19) installed
  ERP Kit Name: tcv51b19-c0030403-15347-es-20020905.tar
  Kit Location: ftp://ftp1.support.compaq.com/public/unix/v5.1/

  HP TruCluster Server 5.1 with PK4(BL18) installed: update to a
  minimum of PK5 (BL19) then install ERP
  tcv51b19-c0030403-15347-es-20020905.tar


  HP TruCluster Server 5.0A
  Prerequisite: V5.0A with Patch Kit 3 (BL17) installed
  ERP Kit Name: tcv50ab17-c0005202-15352-es-20020905.tar
  Kit Location: ftp://ftp1.support.compaq.com/public/unix/v5.0a/

  MD5 and SHA1 checksums are available in the public patch notice
  and CHECKSUM file for each patch on the FTP site for each of the
  ERP kits. You can find information on how to verify MD5 and SHA1
  checksums at: http://www.support.compaq.com/patches/whats-new.shtml


  After completing the update, HP strongly recommends that you
perform
  an immediate backup of your system disk so that any subsequent
  restore operations begin with updated software. Otherwise, you
  must reapply the update after a future restore operation. Also,
  if at some future time you upgrade your system to a later patch
  version, you may need to reapply the appropriate update.


SUPPORT: For further information, contact HP Services.

SUBSCRIBE:
To subscribe to automatically receive future Security Advisories
from the Software Security Response Team via electronic mail:
http://www.support.compaq.com/patches/mailing-list.shtml

REPORT: To report a potential security vulnerability with any HP or
Compaq supported product, send email to: security-alert@hp.com

HP and Compaq appreciate your cooperation and patience. As always,
HP and Compaq urge you to periodically review your system management
and security procedures. HP and Compaq will continue to review and
enhance the security features of its products and work with our
customers to maintain and improve the security and integrity of
their systems.

"HP and Compaq are broadly distributing this Security Bulletin in
order to bring to the attention of users of the affected Compaq
products the important security information contained in this
Bulletin. HP and Compaq recommend that all users determine the
applicability of this information to their individual situations
and take appropriate action. Neither HP nor Compaq warrant that
this information is necessarily accurate or complete for all
user situations and, consequently, neither HP nor Compaq will
be responsible for any damages resulting from user's use or
disregard of the information provided in this Bulletin."

(c)Copyright 2002 Hewlett-Packard Company Hewlett-Packard
Company shall not be liable for technical or editorial
errors or omissions contained herein. The information
in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard
products referenced herein are trademarks of Hewlett-Packard
Company in the United States and other countries. Other product
and company names mentioned herein may be trademarks of their
respective owners.

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPccGTTnTu2ckvbFuEQKQdQCfQoS194u4WvND7txypDzyL8q3KhcAoNsw
eWO/gUiIDonH7STuKqYfcphx
=ClSE
-----END PGP SIGNATURE-----