Return-Path: owner-fw-announce@firewall.gr.jp To: fw-announce@firewall.gr.jp Subject: [fw-announce:342] SSRT0614U_RPC_CMSD Potential Security Problem When Using rpc.cmsd From: SAKAI Yoriyuki Message-Id: <199911040843.BBD70035.BTJLB@lac.co.jp> X-Mailer: Winbiff [Version 2.20 PL4] Date: Thu, 4 Nov 1999 08:43:17 +0900 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-fw-announce@firewall.gr.jp Reply-To: fw-announce@firewall.gr.jp X-Ml-Name: fw-announce X-Ml-Count: 342 X-Sequence: fw-announce 342 Delivered-To: mailing list fw-announce@firewall.gr.jp X-Delivered-To: mailing list fw-announce@firewall.gr.jp X-Ml-Info: If you have a question, send a mail with the body "help" (without quotes) to the address majordomo@firewall.gr.jp Precedence: bulk TITLE: SSRT0614U_RPC_CMSD Potential Security Problem When Using rpc.cmsd Copyright (c) Compaq Computer Corporation 1999. All rights reserved. * No Restrictions For Distribution * ______________________________________________________________ UPDATE: November 2, 1999 TITLE: Potential Security Problem when using rpc.cmsd (calendar manager). CERT Advisory CA-99-08 SOURCE: Compaq Computer Corporation Software Security Response Team "Compaq is broadly distributing this Security Advisory in order to bring to the attention of users of Compaq products the important security information contained in this Advisory. Compaq recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Compaq does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Compaq will not be responsible for any damages resulting from user's use or disregard of the information provided in this Advisory." ---------------------------------------------------------------------- IMPACT: This fix was implemented in response to the recent posting of the CERT CA-99-08-cmsd advisory. ---------------------------------------------------------------------- RESOLUTION: This potential security problem has been resolved and a patch for this problem has been made available for Tru64 UNIX V4.0D, V4.0E and V4.0F. This patch can be installed on: V4.0D Patch kit BL11 or BL12. V4.0E Patch kit BL1 or BL12. V4.0F Patch kit BL1. *This solution will be included in a future distributed release of Compaq's DIGITAL UNIX. This patch may be obtained from the World Wide Web at the following FTP address: http://www.service.digital.com/patches Patch file name: SSRT0614U_rpc.cmsd.tar Use the FTP access option, select DIGITAL_UNIX directory then choose the appropriate version directory and download the patch accordingly. Note: There is a README file included with this patch, which contains installation instructions. Additional Considerations: If you need further information, please contact your normal Compaq Services support channel. Compaq appreciates your cooperation and patience. We regret any inconvenience applying this information may cause. As always, Compaq urges you to periodically review your system management and security procedures. Compaq will continue to review and enhance the security features of its products and work with customers to maintain and improve the security and integrity of their systems. ______________________________________________________________ Copyright (c) Compaq Computer Corporation, 1999 All Rights Reserved. Unpublished Rights Reserved Under The Copyright Laws Of The United States. ______________________________________________________________