I've been trying to deal with security scans and getting my serverup to
PCI-Compliance standards. One "ding" that has been an issue from the start has
involvedwhat the scan refers to as "dced". The first support tech at the
scanning company didn't know whatit was. I can't find out very much from
searching, either. (I've foundthe acronym has a lot to do with certain state
agencies, however!) Here's the text from the security scan: Title: possible
vulnerability in HP dced Impact:
A remote attacker could execute arbitrary commands with root privileges.
Resolution: Apply patch PHSS_29963 for
HP-UX 11.00, PHSS_29964 for HP-UX 11.11, or PHSS_29966 for HP-UX 11.23. HP-UX
patches are available from the [http://itrc.hp.com] HP Resource Center. Patch
information for Tru64 users is available from
[http://support.entegrity.com/private/patches/dce/ssrt4741.asp] Entegrity.
Patch information for OpenVMS is available from
[http://www.securityfocus.com/archive/1/368882] SSRT 4741. This may have
something to do with virtualization from what I've gathered.I'm on a Virtual
Private Server, at this point. So, that would make some sense.There's no
program or port referenced by the scanning results, either. Clues and advice
anyone? Thanks! Rick
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355214
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
