compaq.99-xx.cima
3f643d240a717b7be210b6fc45d138dfdc202139b57783e94247f139f96773b0
----------------------------------------------------------------------
Software Security Advisories Announcements
------------------------------------------
This message contains the updates on the latest patches posted at
ftp.service.digital.com. You're receiving this message as a
subscriber to the security mailing list.
If you ever want to remove yourself from this mailing list, you can
send mail to <Majordomo@data.service.digital.com> with the following
command in the body of your email message:
unsubscribe security (your full email address receiving this mail)
----------------------------------------------------------------------
* No Restrictions For Distribution *
______________________________________________________
UPDATE:
TITLE: New Version of the Insight Manager Web Agent
for Compaq's Tru64/Digital UNIX V4.0f Only.
Cross-Ref: # SSRT0612U and
"Compaq Management Agents Security Advisory"
Located at http://www.compaq.com/sysmanage
SOURCE: Compaq Computer Corporation
Software Security Response Team
"Compaq is broadly distributing this Security Advisory in order
to bring to the attention of users of Compaq products the
important security information contained in this Advisory.
Compaq recommends that all users determine the applicability of
this information to their individual situations and take
appropriate action.
Compaq does not warrant that this information is necessarily
accurate or complete for all user situations and, consequently,
Compaq will not be responsible for any damages resulting from
user's use or disregard of the information provided in this
Advisory."
----------------------------------------------------------------------
IMPACT:
This patch fixes a potential security vulnerability in the web-enabling
portion of the Compaq Insight Management Agents for Tru64 UNIX.
This security vulnerability may allow read access to files whose location
and filename are known and located on the same file system where the
agents are installed.
NOTE: Compaq Management Agents for Compaq OpenVMS are not
affected in any way.
----------------------------------------------------------------------
RESOLUTION:
This potential security vulnerability has been resolved and a
patch for this problem has been made available for
Tru64/DIGITAL UNIX V4.0f with or without Patch Kit 1.
*This solution will be included in future distributed releases of
Compaq's DIGITAL UNIX.
This patch may be obtained from the World Wide Web at the
following FTP address:
http://www.service.digital.com/patches
Patch file name: SSRT0612U_im_upd06991.tar
Use the FTP access option via browse patch tree,
select DIGITAL_UNIX directory then choose the appropriate
version directory and download the patch accordingly.
Note:
There is a README file (ssrt0612u_im_upd06991.README)
with this patch.
Additional Considerations:
If you need further information, please contact your normal
Compaq Services support channel.
Compaq appreciates your cooperation and patience. We regret any
inconvenience applying this information may cause.
As always, Compaq urges you to periodically review your system
management and security procedures.
Compaq will continue to review and enhance the security
features of its products and work with customers to maintain and
improve the security and integrity of their systems.
__________________________________________________________
Copyright (c) Compaq Computer Corporation, 1999 All
Rights Reserved.
Unpublished Rights Reserved Under The Copyright Laws Of
The United States.
__________________________________________________________