
UNIRAS Brief - 107/04 - HEWLETT-PACKARD SECURITY BULLETIN HPSBTU00030

-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 107/04 dated 05.03.04  Time: 10:15  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Tru64 UNIX IPsec/IKE Potential Remote Unauthorized Access.

Detail
====== 

A potential security vulnerability has been identified in the HP Tru64
UNIX operating system when using IPsec/IKE (Internet Key Exchange) with
certificates. It may be remotely exploitable, resulting in unauthorized
privileged access.

      ESB-2004.0181 -- HEWLETT-PACKARD SECURITY BULLETIN HPSBTU00030
    SSRT3674 Tru64 UNIX IPsec/IKE Potential Remote Unauthorized Access
                               05 March 2004


Product:                IPsec/IKE
Operating System:       HP Tru64 UNIX 5.1B - PK2(BL22), PK3(BL24)
                        HP Tru64 UNIX 5.1A - PK6(BL24)
Impact:                 Increased Privileges
Access Required:        Remote

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


HP SECURITY BULLETIN   HPSBTU00030   REVISION: 0

TITLE: SSRT3674 Tru64 UNIX IPsec/IKE Potential Remote Unauthorized
       Access

 -----------------------------------------------------------
NOTICE:   
 There are no restrictions for distribution of this Bulletin provided that it remains complete and intact.

 The information in this Security bulletin should be acted
 upon as soon as possible.

INITIAL RELEASE: March 2004


POTENTIAL SECURITY IMPACT:  Remote unauthorized access and privileges.

SOURCE:    HEWLETT-PACKARD COMPANY
                HP Software Security Response Team

REFERENCES:    N/A

VULNERABILITY SUMMARY:
A potential security vulnerability has been identified in the HP Tru64 UNIX operating system when using IPsec/IKE (Internet Key Exchange) with certificates. It may be remotely exploitable, resulting in unauthorized privileged access.


SUPPORTED SOFTWARE VERSIONS*:  ONLY impacted versions are listed.

   o HP Tru64 UNIX 5.1B     PK2(BL22), PK3(BL24)
   o HP Tru64 UNIX 5.1A     PK6(BL24)


BACKGROUND:
See Resolution

RESOLUTION:
Until the corrections are available in mainstream release patch kits, HP is releasing the following Early Release Patch (ERP) kits publicly for use by any customer.

The ERP kits use dupatch to install and will not install over any installed Customer Specific Patches (CSPs) that have file intersections with the ERPs.  Contact your service provider for assistance if the installation of the ERPs is blocked by any of your installed CSPs.

The fixes contained in the ERP kits are scheduled to be available in the following mainstream patch kit for Tru64 UNIX: V5.1B PK4.

Corrections for V5.1A are available via web kit and
are not included as part of the Base OS.

Early Release Patches

Note: These ERPs deliver new functionality that allows you to restrict connection access to an authorized list of remote identities (IDs) when configuring IPsec/IKE for both a host and a gateway. Implementing this new functionality is a 2-step process:

    1. Install the 5.1B OS patch kit or the 5.1A web kit on the
       target system.
    2. Follow the instructions in the Technical Update listed in
       the resolution section of this Bulletin.

HP Tru64 UNIX 5.1B
PREREQUISITE:  HP Tru64 UNIX 5.1B with PK2 (BL22) or PK3 (BL24)
installed *
ERP Kit Name:    T64KIT0021591-V51BB24-ES-20040216.tar
Kit Readme Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT0021591-V51BB24-ES-20040216

*The  V5.1B patch kit is installable on both 5.1B PK2
and PK3 based systems.

MD5 checksums are available from the ITRC patch database main page:
http://www.itrc.hp.com/service/patch/mainPage.do
From the patch database main page, click Tru64 UNIX, then click verifying MD5 checksums under useful links.

HP Tru64 UNIX 5.1A
PREREQUISITE:   HP Tru64 UNIX 5.1A installed
ERP Kit Name:     ipsec_binary_X2.1.2.tar.gz

The v2.1.2 IPsec web kit can be downloaded from the following
location: http://h30097.www3.hp.com/unix/ipsec/index.html


Associated Documentation Note:


The following documentation is required for implementing the new remote identity (ID) restriction functionality after installing the 5.1B or 5.1A patch kits.

Tru64 UNIX V5.1B
The following associated documentation for securely configuring IPsec/IKE after applying the patch kit is available in the V5.1B Technical Update at:

http://h30097.www3.hp.com/docs/updates/V51B/TITLE.HTM

Please reference item 12 in the section entitled "Feb 23rd, 2004 Configuring IPsec" for implementing the new usr/sbin/sysman ipsec configuration functionality for restricting remote identities (IDs) for both a host and a gateway.

Tru64 UNIX V5.1A
The Technical Documentation update for the V5.1A IPsec Web kit is included with the web kit download file. Please reference item 12 in the section entitled "Feb 23rd, 2004 Configuring IPsec" for implementing the new usr/sbin/sysman ipsec configuration functionality for restricting remote identities (IDs) for both a host and a gateway.


MD5 checksums are available from the ITRC patch database main page http://www.itrc.hp.com/service/patch/mainPage.do. From the patch database main page, click Tru64 UNIX and then click verifying MD5 checksums under useful links.


* The software product category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number: GN=General, MA=Management Agents, MI=Misc. 3rd party, MP=HP-MPE/iX, NS=HP NonStop Servers, OV=HP OpenVMS, PI=HP Printing & Imaging, ST=HP Storage, TU=HP Tru64 UNIX, TL=Trusted Linux, UX=HP-UX, VV=Virtual Vault 


SUPPORT: For further information, contact HP Services support channel. 

SUBSCRIBE: To subscribe to receive future HP Security Bulletins
           via Email:
http://www1.itrc.hp.com
1. Login (free account registration is required)
2. Select "subscribe to security bulletins and patch digests"
3. Select desired digests.


REPORT: To report a potential security vulnerability with any HP supported product, send email to: security-alert@xxxxxx

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

(c)Copyright 2004 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

- - -----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2 - not licensed for commercial use: www.pgp.com

iQA/AwUBQEcyi+AfOvwtKn1ZEQIWDQCgwaMiMnQFw5fGPr/qhKdz7FLhS+4An3GX
UlvOuZiv0SxpJigQMaEiJJbx
=KaAC
- - -----END PGP SIGNATURE-----



- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Hewlett-Packard for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall
not be liable for any loss or damage whatsoever, arising from or in connection
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

-----END PGP SIGNATURE-----