what you don't know can hurt you

043

043
Posted Sep 23, 1999

043

MD5 | b2989ce3c3223099e892c531b87fa7c0

043

Change Mirror Download

From support@us.external.hp.com Tue Dec 24 17:13:07 1996
Date: Tue, 24 Dec 1996 03:46:34 -0800
From: HPSL Mail Service <support@us.external.hp.com>
Reply-To: support-feedback@us.external.hp.com
To: security_info_4@us.external.hp.com
Subject: RE: Security Bulletins Digest

--------
===============================================================================
***HP SupportLine Mail Service Notice***

This digest contains a summary of all newly received Security Bulletins.

You do not have to have any form of support from Hewlett-Packard to subscribe
to this digest or to procure the recommended patches via the HP SupportLine
mail service.

-------------------------------------------------------------------------------

To obtain a copy of the HP SupportLine mail service user's guide, send the
following (in the TEXT PORTION OF THE MESSAGE to) to the HP SupportLine mail
service.

To: support@us.external.hp.com

Message Text:

send guide

-------------------------------------------------------------------------------

To obtain a patch identified within this Security Bulletin, send the following
(in the TEXT PORTION OF THE MESSAGE) to the HP SupportLine mail service.

To: support@us.external.hp.com

Message Text:

send xxxxxxxxxxxx

(where xxxxxxxxxxxx represents the specified patch name).

-------------------------------------------------------------------------------

If you have concerns about security issues, please forward them to:

security-alert@hp.com

The security-alert node is monitored during working hours Pacific Daylight Time
by multiple HP Security Response Team personnel. We reply to your message only
if necessary to obtain additional information.

-------------------------------------------------------------------------------

If you would like to be REMOVED from this mailing lists, send the following (in
the TEXT PORTION OF THE MESSAGE) to the HP SupportLine mail service.

To: support@us.external.hp.com

Message Text:

unsubscribe security_info

===============================================================================

Digest Name: security_info
Description: Daily Security Bulletins Digest
Created: Tue Dec 24 03:00:01 1996 PST


-------------------------------------------------------------------------------
Summary of 'Daily Security Bulletins Digest' documents
-------------------------------------------------------------------------------
Document Id Description Page 1
-------------------------------------------------------------------------------
HPSBUX9612-043 Vulnerability with direct audio user space code

===============================================================================
Detailed list of 'Daily Security Bulletins Digest' documents
===============================================================================
Document Id: [HPSBUX9612-043]
Date Loaded: [12-24-96]

Description: Vulnerability with direct audio user space code
===============================================================================

-------------------------------------------------------------------------
HEWLETT-PACKARD SECURITY BULLETIN: #00043, 24 December 1996
-------------------------------------------------------------------------

The information in the following Security Bulletin should be acted upon
as soon as possible. Hewlett Packard will not be liable for any
consequences to any customer resulting from customer's failure to fully
implement instructions in this Security Bulletin as soon as possible.

-------------------------------------------------------------------------
PROBLEM: Vulnerability with direct audio user space code causes panics

PLATFORM: HP 9000 s700 systems only, running HP-UX version 10.10 or 10.20

DAMAGE: Vulnerability makes it possible for an logged-on user to cause a
Denial of Service (DoS).

SOLUTION: Apply patch PHKL_9579 (HP-UX 10.10), or
PHKL_9580 (HP-UX 10.20).

AVAILABILITY: All patches are available now.

-------------------------------------------------------------------------
I.
A. Background

A recent mailing list entry described a freeware direct audio
application that can panic the system. Currently all audio
applications shipped by HP use "Aserver", which will not exhibit this
problem. The operating system panic occurs only on HP-UX releases
10.10 and 10.20. The necessary audio hardware may be found on all
s700 machines except HP9000 s705, s710 and s74x, which are immune.
Any machine with CD quality audio hardware will exhibit the problem.

B. Fixing the problem

This vulnerability can only be eliminated from HP-UX releases 10.10 and
10.20 by applying the appropriate patch listed above.

C. Impact of the patch

The patches patch the kernel library module /usr/conf/lib/libhp-ux.a
(audio.o) to fix the vulnerability. There are no known side effects.
Installation instructions are contained within the patches.

D. To subscribe to automatically receive future NEW HP
Security Bulletins from the HP SupportLine Digest service via
electronic mail, do the following:

1) From your Web browser, access the URL:

http://us-support.external.hp.com (US,Canada,
Asia-Pacific, and Latin-America)

http://europe-support.external.hp.com (Europe)

2) On the HP Electronic Support Center main screen, select
the hyperlink "Support Information Digests".

3) On the "Welcome to HP's Support Information Digests" screen,
under the heading "Register Now", select the appropriate hyperlink
"Americas and Asia-Pacific", or "Europe".

4) On the "New User Registration" screen, fill in the fields for
the User Information and Password and then select the button labeled
"Submit New User".

5) On the "User ID Assigned" screen, select the hyperlink
"Support Information Digests".

** Note what your assigned user ID and password are for future
reference.

6) You should now be on the "HP Support Information Digests Main"
screen. You might want to verify that your email address is correct
as displayed on the screen. From this screen, you may also
view/subscribe to the digests, including the security bulletins
digest.

To get a patch matrix of current HP-UX and BLS security
patches referenced by either Security Bulletin or Platform/OS,
click on following screens in order:
Technical Knowledge Database
Browse Security Bulletins
Security Bulletins Archive
HP-UX Security Patch Matrix


E. To report new security vulnerabilities, send email to

security-alert@hp.com

Please encrypt any exploit information using the security-alert
PGP key, available from your local key server, or by sending a
message with a -subject- (not body) of 'get key' (no quotes) to
security-alert@hp.com.



Permission is granted for copying and circulating this Bulletin to
Hewlett-Packard (HP) customers (or the Internet community) for the
purpose of alerting them to problems, if and only if, the Bulletin is
not edited or changed in any way, is attributed to HP, and provided
such reproduction and/or distribution is performed for non-commercial
purposes.

Any other use of this information is prohibited. HP is not liable
for any misuse of this information by any third party.
_______________________________________________________________________
Login or Register to add favorites

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    15 Files
  • 14
    Apr 14th
    27 Files
  • 15
    Apr 15th
    19 Files
  • 16
    Apr 16th
    7 Files
  • 17
    Apr 17th
    1 Files
  • 18
    Apr 18th
    1 Files
  • 19
    Apr 19th
    19 Files
  • 20
    Apr 20th
    18 Files
  • 21
    Apr 21st
    30 Files
  • 22
    Apr 22nd
    18 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close