Title: Multiple HP Tru64 C Library Vulnerabilities
Severity: HIGH
Description:
HP has recently issued fixes for numerous security vulnerabilities in the implementation of the C library for Tru64. These vulnerabilities may affect many programs with a variety of consequences, including local privilege escalation, denial of service, and remote root compromise.
This entry may be modified during analysis as some of the reported vulnerabilities are already in the Symantec vulnerability database. The reported vulnerabilities are:
- SSRT2322 Bind resolver exploit in ISC
- SSRT2384 TCP exploit denies all RPC service
- SSRT2341 calloc() potential overflow
- SSRT2439 xdrmem_getbytes() potential overflow
- SSRT2412 portmapper hang after port scan with C2 enabled
The affected executables are as follows:
/usr/bin/ypmatch
/usr/sbin/traceroute
/usr/sbin/lpc
/usr/bin/lprm
/usr/bin/lpq
/usr/bin/lpr
/usr/lbin/lpd
/usr/bin/binmail
/usr/bin/ipcs
/usr/sbin/quot
/usr/bin/at
/usr/bin/ps
/usr/bin/uux
/usr/bin/uucp
/usr/bin/csh
/usr/bin/rdist
/usr/bin/mh/inc
/usr/bin/mh/msgchk
/usr/sbin/imapd
/usr/bin/deliver
/sbin/.upd..loader
/usr/dt/bin/mailcv
/usr/dt/bin/dtterm
/usr/dt/bin/dtsession
/usr/dt/bin/rpc.ttdbserverd
/usr/bin/X11/dxterm
/usr/bin/X11/dxconsole
/usr/bin/X11/dxpause
/usr/bin/X11/dxsysinfo
/usr/sbin/telnetd
/usr/bin/su
/usr/bin/chsh
/usr/bin/passwd
/usr/bin/chfn
/usr/tcb/bin/dxchpwd
Affected Products:
- Compaq Tru64 4.0.0 f PK7 (BL18)
- Compaq Tru64 4.0.0 g PK3 (BL17)
- Compaq Tru64 5.1.0 PK6 (BL20)
- Compaq Tru64 5.1.0 b PK1 (BL1)
- HP Tru64 5.1.0a PK4 (BL21)
References:
- HP: SSRT2275__SSRT2229 Potential Security Vulnerability Patches
- HP: SSRT2322_2341_2384_2412_2439 - HP Tru64 UNIX Potential libc Security Vulnerabili
- HP: SSRT2322__2341__2384__2412__2439 - HP Tru64 UNIX Potential libc Security Vulnera