Date: Fri, 6 Apr 2001 17:30:45 -0600 From: system PRIVILEGED account <[EMAIL PROTECTED]> To: "Unix Patch Mailing List" <[EMAIL PROTECTED]> Subject: Compaq Management Agents for Tru64 UNIX Reply-To: [EMAIL PROTECTED] ******************************************************************************* * * * This is an update to an existing patch... * * * * Online links can be found at * * http://ftp.support.compaq.com/patches/public/unix/v4.0f/mupssrt0715u_cpqim_01.README ******************************************************************************* TITLE: Compaq Management Agents for Tru64 UNIX PATCH IDENTIFICATION: MUPssrt0715u_cpqim_01 CATEGORY: Software Update OPERATING SYSTEM: Tru64 UNIX V4.0f, 4.0g, 5.0, 5.0a and 5.1 EFFECTIVE DATE: 4/05/2001 ELECTRONIC DISTRIBUTION ALLOWED: Yes DESCRIPTION: This is a Mandatory software update which contains a new version of the Compaq Management Agents for Tru64 UNIX. This Patch Kit supercedes the MUPssrt0705_cpqim patch kit for Tru64 UNIX. Enhancements/Fixes: This Security Advisory addresses a potential security vulnerability in Compaq web-enabled software, which can act a generic proxy server. Internal traffic going out to the Internet can bypass a normal proxy server filtering by using TCP/IP port 2301 and external traffic may be able to infiltrate internal networks if there is no additional firewall protection. Compaq strongly recommend that web-enabled agents and utilities are deployed only in private networks and are not used on the open Internet or on systems outside the bounds of the firewall. The implementation of sound security practices, which includes disabling access to non-essential ports, such as the Compaq Management ports :2301 and :280, should help to protect customers from external malicious attacks. Compaq also recommends that strong passwords are used and are changed regularly. WARNING: THIS KIT MUST BE RE-INSTALLED FOLLOWING AN OS UPDATE TO TRU64 UNIX V4.0F, 4.0G, 5.0, 5.0A, OR 5.1. FAILURE TO DO SO WILL RESULT IN THE INTRODUCTION OF THE SSRT0705 and SSRT0715 SECURITY VULNERABILITIES. Instructions on how to apply this software update ------------------------------------------------- The software update is in a file (MUPssrt0715u_cpqim_01.tar) which contains an updated version of the agents in setld format. The goal will be for an administrator to download the software update from this FTP site, copy it to the target Tru64 UNIX System and extract the files. If you are applying this patch to a cluster, perform the steps below on one cluster member only, providing that all members are running. The following steps provide detailed instructions: Step 1: As super user (root) create a temporary directory on the target Tru64 UNIX Alpha System, ie: /usr/tmp/patch Download the tar file into that directory. Step 2: Uncompress and extract the target files # cd /usr/tmp/patch # /usr/bin/tar xvf MUPssrt0715u_cpqim_01.tar A directory named cpqim222 will be extracted. It contains the setld kit files. Step 3: Install the setld kit: # /usr/sbin/setld -l cpqim222 Step 4: Follow the setld instructions. Step 5: When the installation is complete, delete the temporary subdirectory on the target server. # rm -r /usr/tmp/patch ============================================================================ Copyright 2001, Compaq Computer Corporation. All rights reserved. Compaq does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Compaq will not be responsible for any damages resulting from user's use or disregard of the information provided in this document. Product names mentioned herein may be trademarks and/or registered trademarks of their respective companies.