HP Tru64 UNIX and TruCluster Server Version 5.1B-5 Patch Summary and Release Notes (March 2009)

ManualsBrandsHP ManualsSoftwareTru64 UNIX 5.0

181

182

183

184

185

186

187

188

189

190

• Revises the csh(1), sh(1b), ip6rtrd.conf(4), ntp.conf(4), sys_attrs_ipv6(5),

sys_attrs_vfs(5), nifftmt(7), dump(8), freezefs(8), fwtmp(8), ip6rtrd(8), restore(8),

and xntpd(8) reference pages.

• Revises the sys_attrs_lsm(5) and disklabel(8) reference pages.

• Revises the mt(1), netstat(1), sys_attrs_ee(5), sys_attrs_inet(5), sys_attrs_vm(5),

collect(8) envconfig(8), fuser(8), ifconfig(8), and kdbx(8) reference pages.

• Revises the btcreate(8) and psradm(8) reference pages.

Patch 27060.00

OSFNETCONF540

• Corrects several potential security vulnerabilities that have been reported on

systems using an IPsec configuration of tunnel mode ESP without authentication.

Under certain circumstances, a remote attacker could force an error so that a portion

of a plain-text message can be intercepted by the attacker. Corrects the following

vulnerability:

SSRT5957 - IPsec (Severity - High)

• Fixes a problem in which a stack trace occurs during quicksetup if the host name

and any NFS parameters are changed.

• Modifies the netconfig application to prevent breaking automation while using

the SysMan command-line interface.

• Corrects the netconfig application to a avoid stack trace that occurs while

configuring a token ring adaptor on a different node.

• Corrects a potential security vulnerability where, under certain circumstances,

system integrity may be compromised. This may be in the form of improper file

access.

• Corrects a problem in which when DHCP is selected for a network interface card,

netconfig places invalid data in the /etc/hosts file.

• Changes the use of the configuration file /etc/svc.conf to /etc/nsswitch.conf to allow

netgroup data to be provided from LDAP, rather than only from NIS.

• Fixes a problem in the SysMan nfs_export application in which adding a host to

the rw-access list does not take effect.

• Fixes a problem in the SysMan nfs_export application in which an inappropriate

message is displayed when a nonroot user runs it.

• Corrects a problem in which the network wizard exits when running as nonroot.

• Corrects a potential security vulnerability in IPsec/IKE (Internet Key Exchange)

with Certificates. This potential vulnerability is remotely exploitable, resulting in

unauthorized privileged access.

SSRT3674 - IPsec/IKE (Severity - High)

• Fixes a problem in which SysMan route does not handle the destination name

input correctly

184 Tru64 UNIX Patches