Hewlett-Packard Co. recently discovered and patched a potential vulnerability in its Tru64 Unix operating system that could have resulted in unauthorized access or a denial-of-service attack.
The patch, released Jan. 7, surfaced in the following week though a security bulletin published by HP. The bulletin, referenced as “SSRT3629A/B,” concerns HP Tru64 Unix Version 5.1B PK2 and PK3 when running IPsec software kits earlier than Version 2.1.1, as well as a Secure Shell software kit thats earlier than Version 3.2.2.
A copy of the advisory states was reproduced on the Tru64.org community site.
Although Tru64 has been a critical part of HPs enterprise infrastructure, the company has begun a gradual phase-out of both the HP Tru64 Unix OS as well as the Alpha microprocessor which powers it. Instead, HP has moved to HP-UX, which runs on Intels 64-bit Itanium microprocessors and the companys own PA-RISC chips. According to the companys road map, HP will introduce the last new Alpha chip in 2004 and will stop selling AlphaServers in 2006. The company will end support of the systems in 2011.
Until making that move, however, system administrators will have to apply the patch available on available on HPs support Web site. HP has also published both an IPsec V2.1.1 update as well as a Tru64 UNIX Secure Shell (SSH) V3.2.2 update to the companys Web site.
At the same time, the company warned IT admins that the V5.1B ERP kits use “dupatch” to install and will not install over any customer-specific patches the customer may have installed.
