COMMAND
Compaq Management Agents
SYSTEMS AFFECTED
Compaq Management Agents for Tru64 UNIX V4.0f, 4.0g, 5.0, 5.0a and 5.1
PROBLEM
This is a mandatory software update which contains a new version
of the Compaq Management Agents for Tru64 UNIX. This Patch Kit
supersedes the MUPssrt0705_cpqim patch kit for Tru64 UNIX.
This Security Advisory addresses a potential security
vulnerability in Compaq web-enabled software, which can act as a
generic proxy server. Internal traffic going out to the Internet
can bypass normal proxy server filtering by using TCP/IP port
2301, and external traffic may be able to infiltrate internal
networks if there is no additional firewall protection.
Compaq strongly recommends that web-enabled agents and utilities
be deployed only in private networks and not be used on the
open Internet or on systems outside the bounds of the firewall.
The implementation of sound security practices, which includes
disabling access to non-essential ports, such as the Compaq
Management ports :2301 and :280, should help to protect customers
from external malicious attacks. Compaq also recommends that
strong passwords be used and changed regularly.
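The check below is an added example, not part of the Compaq advisory: it audits firewall flow records for allowed traffic on the management ports :2301 and :280 that crosses the private-network boundary in either direction. The four-field record format, the internal address ranges and the sample records are assumptions constructed for illustration.

```python
import ipaddress

# Ports named in the advisory for the Compaq Management Agents.
AGENT_PORTS = {2301, 280}

# Assumption: the private network is RFC 1918 space; use the site's own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(addr):
    """True if addr lies inside one of the configured internal networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def audit_flows(lines):
    """Return (finding, src, dst, dport) for allowed agent-port flows
    that cross the perimeter. Records are 'ACTION SRC DST DPORT'."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) != 4 or line.lstrip().startswith("#"):
            continue  # comment, blank or malformed record
        action, src, dst, dport = fields
        if action != "ALLOW" or not dport.isdigit():
            continue
        if int(dport) not in AGENT_PORTS:
            continue
        try:
            src_in, dst_in = is_internal(src), is_internal(dst)
        except ValueError:
            continue  # unparsable address
        if src_in and not dst_in:
            findings.append(("outbound-on-agent-port", src, dst, int(dport)))
        elif dst_in and not src_in:
            findings.append(("inbound-to-agent-port", src, dst, int(dport)))
    return findings


# Constructed sample records (documentation address ranges for external hosts).
SAMPLE_FLOWS = """\
# action src dst dport
ALLOW 10.1.4.20 10.1.9.7 2301
ALLOW 10.1.4.20 198.51.100.23 2301
ALLOW 203.0.113.50 10.1.9.7 280
DENY 203.0.113.50 10.1.9.7 2301
ALLOW 10.1.4.20 198.51.100.23 443
""".splitlines()

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding)
```

Any finding means the perimeter is passing traffic on a management port, which is the condition the advisory asks administrators to eliminate.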
This kit must be re-installed following an OS update to Tru64 UNIX
v4.0f, 4.0g, 5.0, 5.0a, or 5.1. Failure to do so will result in
the reintroduction of the ssrt0705 and ssrt0715 security
vulnerabilities.
SOLUTION
The software update is in a file (MUPssrt0715u_cpqim_01.tar) which
contains an updated version of the agents in setld format. The
administrator should download the software update from this FTP
site, copy it to the target Tru64 UNIX system and extract the
files.
If you are applying this patch to a cluster, perform the steps
described in the README patch file on one cluster member only,
provided that all members are running.