TCP/IP Services for OpenVMS SSH Bug Lets Remote Users Gain Access
|
|
SecurityTracker Alert ID: 1019727
|
|
SecurityTracker URL: http://securitytracker.com/id?1019727
|
|
CVE Reference: CVE-2008-0704
(Links to External Site)
|
Date: Mar 28 2008
|
Impact: User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: HP Security Bulletin
|
Version(s): OpenVMS 5.4, 5.5, 5.6
|
Description: A vulnerability was reported in TCP/IP Services for OpenVMS. A remote user can access the system.
The SSH server contains an unspecified flaw. A remote user can gain access to the target system.
HP Integrity and HP Alpha systems running HP OpenVMS TCP/IP Services are affected.
|
Impact: A remote user can access the system.
|
Solution: The vendor has issued the following fixes.
TCPIP v5.4 ECO 7 (Alpha only)
ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/DEC-AXPVMS-TCPIP-V0504-15ECO7-1.PCSI-DCX_
AXPEXE
TCPIP v5.5 ECO 3
ftp://ftp.itrc.hp.com/openvms_patches/layered_products/i64/HP-I64VMS-TCPIP-V0505-11ECO3-1.ZIPEXE
ftp://ftp.itrc.hp.com/openvms_patches/laye
red_products/alpha/DEC-AXPVMS-TCPIP-V0505-11ECO3-1.ZIPEXE
TCPIP v5.6 ECO 2
ftp://ftp.itrc.hp.com/openvms_patches/layered_products/i64/HP-I64VMS-TCPIP-V0506-9ECO2-1.
ZIPEXE
ftp://ftp.itrc.hp.com/openvms_patches/layered_products/alpha/DEC-AXPVMS-TCPIP-V0506-9ECO2-1.ZIPEXE
The vendor's advisory
is available at:
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01414022
|
Vendor URL: www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01414022 (Links to External Site)
|
Cause: Not specified
|
Underlying OS: OpenVMS
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 28 Mar 2008 10:39:28 -0500
Subject: HPSBOV02278 SSRT071479 rev.1 - HP OpenVMS SSH Using TCP/IP Services for OpenVMS, Remote Unauthorized Access
|
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01414022
CVE-2008-0704
|
|
