COMMAND

    Compaq Management Agents

SYSTEMS AFFECTED

    Compaq Management Agents for Tru64 UNIX V4.0f, 4.0g, 5.0, 5.0a and 5.1

PROBLEM

    This is a mandatory software update which contains a new version
    of the Compaq Management Agents for Tru64 UNIX.  This Patch Kit
    supersedes the MUPssrt0705_cpqim patch kit for Tru64 UNIX.

    This Security Advisory addresses a potential security
    vulnerability in Compaq web-enabled software, which can act as a
    generic proxy server.  Internal traffic going out to the Internet
    can bypass normal proxy server filtering by using TCP/IP port
    2301, and external traffic may be able to infiltrate internal
    networks if there is no additional firewall protection.

    Compaq strongly recommends that web-enabled agents and utilities
    are deployed only in private networks and are not used on the
    open Internet or on systems outside the bounds of the firewall.
    The implementation of sound security practices, which include
    disabling access to non-essential ports, such as the Compaq
    Management ports :2301 and :280, should help to protect customers
    from external malicious attacks.  Compaq also recommends that
    strong passwords are used and are changed regularly.
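
    One way to check the recommendation above against firewall records,
    as an added example that is not part of the Compaq advisory.  The
    five-field log format, the sample records and the RFC 1918
    definition of "internal" are assumptions made for illustration.

```python
import ipaddress

# Ports named in the advisory for the Compaq web-enabled management agents.
MGMT_PORTS = {2301, 280}

# Assumption: the site's private address space is RFC 1918; adjust to match.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records: "action src_ip src_port dst_ip dst_port".
SAMPLE_LOG = """\
ALLOW 10.1.4.20 40112 10.1.9.5 2301
ALLOW 198.51.100.7 51544 10.1.9.5 2301
ALLOW 10.1.4.20 40200 203.0.113.9 2301
DENY 198.51.100.7 51600 10.1.9.5 280
ALLOW 10.1.4.21 40300 203.0.113.9 443
malformed line
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a bad address
    return any(ip in net for net in INTERNAL_NETS)

def find_boundary_crossings(log_text):
    """Return allowed flows to a management port that cross the perimeter."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 5:
            continue  # skip records that do not match the assumed format
        action, src, _sport, dst, dport = fields
        try:
            port = int(dport)
            src_in, dst_in = is_internal(src), is_internal(dst)
        except ValueError:
            continue  # unparsable port or address
        if action != "ALLOW" or port not in MGMT_PORTS:
            continue
        if src_in and dst_in:
            continue  # private-network use, as the advisory recommends
        direction = "inbound" if dst_in else "outbound"
        findings.append((lineno, direction, src, dst, port))
    return findings

if __name__ == "__main__":
    for f in find_boundary_crossings(SAMPLE_LOG):
        print("line %d: %s %s -> %s port %d" % f)
```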

    This kit must be re-installed following an OS update to Tru64 UNIX
    v4.0f, 4.0g, 5.0, 5.0a, or 5.1.  Failure to do so will result in
    the introduction of the ssrt0705 and ssrt0715 security
    vulnerabilities.

SOLUTION

    The software update is in a file (MUPssrt0715u_cpqim_01.tar) which
    contains an updated version of the agents in setld format.  The
    administrator downloads the software update from this FTP site,
    copies it to the target Tru64 UNIX system and extracts the files.

    If you are applying this patch to a cluster, perform the steps
    described in the README patch file on one cluster member only,
    provided that all members are running.