---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: HP UX Tru64 Multiple SSL and BIND Vulnerabilities SECUNIA ADVISORY ID: SA24930 VERIFY ADVISORY: http://secunia.com/advisories/24930/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote OPERATING SYSTEM: HP Tru64 UNIX 4.x http://secunia.com/product/6/ HP Tru64 UNIX 5.x http://secunia.com/product/2/ DESCRIPTION: HP has acknowledged some vulnerabilities in HP Tru64 Unix. 1) Some vulnerabilities in SSL can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service) or potentially compromise a vulnerable system. For more information: SA21709 SA22130 The vulnerabilities are reported in HP Tru64 UNIX v 5.1B-4 and HP Tru64 UNIX v 5.1B-3. 2) Some vulnerabilities in BIND can be exploited by malicious people to cause a DoS. For more information: SA23904 The vulnerabilities are reported in the following products: * HP Tru64 UNIX v 5.1B-4 * HP Tru64 UNIX v 5.1B-3 * HP Tru64 UNIX v 5.1A PK6 * HP Tru64 UNIX v 4.0G PK4 * HP Tru64 UNIX v 4.0F PK8 SOLUTION: The vendor expects to fix this in HP Tru64 UNIX v 5.1B-5. In the meantime, apply ERP Kits: HP Tru64 UNIX Version 5.1B-4 ERP Kit http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070 HP Tru64 UNIX Version 5.1B-3 ERP Kit http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070 HP Tru64 UNIX Version 5.1A PK6 ERP Kit http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070 HP Tru64 UNIX Version 4.0G PK4 ERP Kit http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070 HP Tru64 UNIX Version 4.0F PK8 ERP Kit http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070 PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. OTHER REFERENCES: SA21709: http://secunia.com/advisories/21709/ SA22130: http://secunia.com/advisories/22130/ SA23904: http://secunia.com/advisories/23904/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------