SSRT2385
Published: 2002-11-13 18:17:07
Updated: 2002-11-13 18:17:07
*******************************************************************************
* This is a newly released patch...
* Online links can be found at
* http://ftp.support.compaq.com/patches/public/unix/v4.0g/osisv54_ssrt2385_40g_patch.README
*******************************************************************************
TITLE: OSIS V5.4 LDAP Module for System Authentication Potential Security Vulnerability
New Kit Date: 13-NOV-2002
Modification Date: Not Applicable
Modification Type: NEW KIT
Copyright (c) Hewlett-Packard Company 2002. All rights reserved.
PRODUCT: OSIS [R] V5.4
SOURCE: Hewlett-Packard Company
ECO INFORMATION:
ECO Name: OSISV54_SSRT2385_40G_PATCH
ECO Kit Approximate Size: 287KB
Kit Applies To: OSIS V5.4 with Tru64 UNIX 4.0G or TruCluster 1.6
ECO Kit CHECKSUMS:
/usr/bin/sum results:
02386 280
/usr/bin/cksum results:
3317683549 286720
ECO KIT SUMMARY:
A manually-installed, Early Release Patch kit exists for OSIS V5.4 that
contains solutions to the following problem(s):
A potential security vulnerability has been identified in the
Lightweight Directory Access Protocol (LDAP) Module for System Authentication
from Open Source Internet Solutions (OSIS) V5.4. (Later versions of OSIS have
been renamed Internet Express for Tru64 UNIX.)
The potential vulnerability may result in nonprivileged users gaining
unauthorized access to files or privileged access on the system. This potential
vulnerability may be in the form of local and remote security domain risks.
The following potential security vulnerability has been corrected:
o SSRT2385 LDAP (Severity - High)
The Patch Installation Instructions are located in the README.txt contained in
the patch kit. Please read all of the installation instructions prior to
installing patches on your system.
This fix will only be available in the form of a patch for OSIS 5.4 and
Tru64 UNIX 4.0G or TruCluster 1.6 software.
INSTALLATION NOTES:
This patch is installed manually using the following instructions, which are
also contained in the README.txt in the patch kit.
As root, on the target system:
------------------------------
1. Unpack the tar file into a temporary location:
# mkdir /tmp/ldap_patch
# cd /tmp/ldap_patch
2. Disable LDAP Authentication:
# /usr/internet/ldap_tools/ldap_disable
3. Preserve the existing files and copy the new files into place:
# cd /usr/sbin
# cp -p ldapcd ldapcd.prepatchSSRT2385
# cp -p /tmp/ldap_patch/usr/sbin/ldapcd .
# cd /usr/shlib
# cp -p libsialdap.so libsialdap.so.prepatchSSRT2385
# cp -p /tmp/ldap_patch/usr/shlib/libsialdap.so .
4. Re-enable LDAP Authentication:
# /usr/internet/ldap_tools/ldap_enable
INSTALLATION PREREQUISITES:
You must have installed OSIS V5.4 and Tru64 UNIX 4.0G or TruCluster Server 1.6
prior to installing this Early Release Patch Kit.
KNOWN PROBLEMS WITH THE PATCH KIT:
None.
AFFECTED SYSTEM FILES:
This patch delivers the following files:
Open Source Internet Solutions (OSIS) V5.4
./usr/sbin/ldapcd
CHECKSUM: 54393 200
SUBSET: IAEAPAD584
./usr/shlib/libsialdap.so
CHECKSUM: 10971 64
SUBSET: IAEAPAD584
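Added example, not part of the HP patch kit or its README: a POSIX shell check that compares the kit and the two delivered files against the checksums listed in this notice before step 3 copies them into place. The function names are hypothetical, and it assumes sum and cksum on the target system print the checksum followed by the size, as in the results quoted above.

```shell
#!/bin/sh
# Added example, not part of the HP patch kit. Assumes sum/cksum print
# "<checksum> <size>" first, as in the advisory's listed results.

# Drop leading zeros so "02386" and "2386" compare equal.
strip0() { printf '%s\n' "$1" | sed 's/^0*\(.\)/\1/'; }

# verify_checksum TOOL FILE EXPECTED_CHECKSUM EXPECTED_SIZE
# returns 0 on match, 1 on mismatch, 2 if the file cannot be read.
verify_checksum() {
    tool=$1 file=$2 want_sum=$3 want_size=$4
    if [ ! -r "$file" ]; then
        echo "MISSING  $file" >&2
        return 2
    fi
    # Read via stdin so the tool prints no file name.
    out=$("$tool" < "$file") || return 2
    set -- $out
    if [ "$(strip0 "$1")" = "$(strip0 "$want_sum")" ] &&
       [ "$(strip0 "$2")" = "$(strip0 "$want_size")" ]; then
        echo "OK       $file"
        return 0
    fi
    echo "MISMATCH $file: got $1 $2, expected $want_sum $want_size" >&2
    return 1
}

# Kit archive as downloaded (path supplied by the caller).
verify_kit() {
    verify_checksum /usr/bin/sum "$1" 02386 280 &&
    verify_checksum /usr/bin/cksum "$1" 3317683549 286720
}

# Delivered files under DIR (default: the step 1 directory).
# DIR="" checks the installed copies in /usr/sbin and /usr/shlib.
verify_patch_files() {
    dir=${1-/tmp/ldap_patch}
    rc=0
    verify_checksum /usr/bin/sum "$dir/usr/sbin/ldapcd" 54393 200 || rc=1
    verify_checksum /usr/bin/sum "$dir/usr/shlib/libsialdap.so" 10971 64 || rc=1
    return $rc
}

# Run the file check when a directory argument is given.
if [ $# -gt 0 ]; then
    verify_patch_files "$1" || exit 1
fi
```

Run it with /tmp/ldap_patch as the argument after unpacking; a MISMATCH or MISSING line means the copy in step 3 should not proceed until the kit has been fetched again and rechecked.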
[R] UNIX is a registered trademark in the United States and other countries
licensed exclusively through X/Open Company Limited.
Copyright Hewlett-Packard Company 2002. All Rights reserved.
This software is proprietary to and embodies the confidential technology
of Hewlett-Packard Company. Possession, use, or copying of this
software and media is authorized only pursuant to a valid written license
from Hewlett-Packard or an authorized sublicensor.
This ECO has not been through an exhaustive field test process.
Due to the experimental stage of this ECO/workaround, Hewlett-Packard
makes no representations regarding its use or performance. The
customer shall have the sole responsibility for adequate protection
and back-up data used in conjunction with this ECO/workaround.
