HP Tru64 UNIX and TruCluster Server Version 5.1.B-4 Patch Summary and Release Notes (13156)
• Fixes a problem with FTP byte/hash count when the file size exceeds 2 GB.
• Modifies niffconfig to display appropriate error messages.
• Corrects a problem in which ftp reget works incorrectly when restarting at 2 GB or larger.
• Provides enhancements for NetRAIN operations.
• Corrects a potential locally exploitable integer overflow vulnerability in the Network Time
Protocol. This potential vulnerability could lead to clients receiving an incorrect date/time
offset, resulting in an incorrect date/time on the client.
SRT4718 - NTP (Severity - High)
• Modifies the ip6_setup script to limit some Mobile IPv6 questions to LAN interfaces only.
• Corrects a problem in which ftpd core dumps when a 1000 or more directories are present.
• Adds support for ifconfig [inet6] delete [abort] for IPv6 connections.
• Fixes a problem in the implementation of the RIPng protocol that prevents IPv6 routes from
being deleted as expected.
• Resolves intermittent core failures in gated.
• Corrects default tape device as /dev/tape/tape0_d1 for dump and restore as per device
naming convention in V5x versions.
Patch 27021.00
OSFCMPLRS540
• Corrects a security issue in which rsh and other rcmds incorrectly report ESUCCESS when
the remote side of a connection terminates before fully establishing a connection.
• Allows the auditing of login and su events based in part on the contents of user profiles (for
Enhanced Security), the prevailing auditing characteristics of the originating process, and
the system-wide audit mask. Previously, only the system audit mask was referenced.
• Fixes a problem with floating point data inconsistencies in threaded applications.
• Corrects RPC-based servers' handling of ill-formed TCP connections.
• Prevents segmentation faults when sia_ses_init is passed a malformed argument vector.
• Corrects a potential security vulnerability that may result in a Denial of Service (DoS). This
may be in the form of local and remote security domain risks.
(SSRT2384 rpc — Severity - High)
• Fixes a problem in which the home directory and login shell attributes for a user account
are not suppled to the audit daemon for authentication failures.
• Fixes an extended regular expression problem where the interval expression {m,n} is handled
incorrectly.
• Fixes a problem from pre-Version 5.0 releases in the way the libc mktime() function handles
potentially ambiguous tm struct times that fall within a backward clock shift and that have
an initially negative tm_isdst value.
• Fixes various problems in the libc functions getdate(), strptime(), callrpc(), strncasecmp()
and fork().
• Fixes a problem in the libnuma function nacreate() and the system header <sgtty.h.
• Fixes various problems in the dbx and object file tools dbx, ostrip, strip, mcs, dis, cord, file,
and stdump.
• Corrects a potential security vulnerability where, under certain circumstances, system
integrity may be compromised. This may be in the form of improper file or privilege
management.
• Provides protection against a class of potential security vulnerabilities called buffer overflows.
Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged
program and possibly execute commands at the elevated privileges if the program file has
110 Tru64 UNIX Patches