HP Tru64 UNIX and TruCluster Server Version 5.1B-5 Patch Summary and Release Notes (March 2009)
• Revises the csh(1), sh(1b), ip6rtrd.conf(4), ntp.conf(4), sys_attrs_ipv6(5),
sys_attrs_vfs(5), nifftmt(7), dump(8), freezefs(8), fwtmp(8), ip6rtrd(8), restore(8),
and xntpd(8) reference pages.
• Revises the sys_attrs_lsm(5) and disklabel(8) reference pages.
• Revises the mt(1), netstat(1), sys_attrs_ee(5), sys_attrs_inet(5), sys_attrs_vm(5),
collect(8) envconfig(8), fuser(8), ifconfig(8), and kdbx(8) reference pages.
• Revises the btcreate(8) and psradm(8) reference pages.
Patch 27060.00
OSFNETCONF540
• Corrects several potential security vulnerabilities that have been reported on
systems using an IPsec configuration of tunnel mode ESP without authentication.
Under certain circumstances, a remote attacker could force an error so that a portion
of a plain-text message can be intercepted by the attacker. Corrects the following
vulnerability:
SSRT5957 - IPsec (Severity - High)
• Fixes a problem in which a stack trace occurs during quicksetup if the host name
and any NFS parameters are changed.
• Modifies the netconfig application to prevent breaking automation while using
the SysMan command-line interface.
• Corrects the netconfig application to a avoid stack trace that occurs while
configuring a token ring adaptor on a different node.
• Corrects a potential security vulnerability where, under certain circumstances,
system integrity may be compromised. This may be in the form of improper file
access.
• Corrects a problem in which when DHCP is selected for a network interface card,
netconfig places invalid data in the /etc/hosts file.
• Changes the use of the configuration file /etc/svc.conf to /etc/nsswitch.conf to allow
netgroup data to be provided from LDAP, rather than only from NIS.
• Fixes a problem in the SysMan nfs_export application in which adding a host to
the rw-access list does not take effect.
• Fixes a problem in the SysMan nfs_export application in which an inappropriate
message is displayed when a nonroot user runs it.
• Corrects a problem in which the network wizard exits when running as nonroot.
• Corrects a potential security vulnerability in IPsec/IKE (Internet Key Exchange)
with Certificates. This potential vulnerability is remotely exploitable, resulting in
unauthorized privileged access.
SSRT3674 - IPsec/IKE (Severity - High)
• Fixes a problem in which SysMan route does not handle the destination name
input correctly
184 Tru64 UNIX Patches