HP patches critical security holes in Tru64 Unix

Summary: Vulnerabilities have been found in HP's high-end Unix operating system that could allow attackers to take over a server or knock it offline

Critical security vulnerabilities in HP's Tru64 Unix operating system were patched on Friday after it was discovered that implementations of IPsec and SSH programs, which carry VPN and secure system command traffic, were vulnerable to attackers.

The vulnerabilities are an embarrassment to HP because both were found in vital components of the operating system and both could enable malicious users to either take control of a machine or launch a denial-of-service attack. SSH, a secure Telnet program, is used to securely send commands to a server, while IPsec is used to create virtual private networks to carry encrypted information over the Internet between two computers.

Although full details about the vulnerabilities have not been published, HP has issued patches that will fix any known problems. Only HP's Tru64 UNIX 5.1B is affected and fixes for both the IPsec software and SSH software can be found on HP's Web site.

IPSec version 2.1.1 and SSH version 3.2.2 are not vulnerable and can be downloaded from HP's Web site.

HP's Tru64 version of Unix, which came from Digital Equipment, is being phased out in favour of HP-UX and engineers have been working to bring some of Tru64's features to HP-UX.

HP is gradually phasing out Tru64, which runs on the AlphaServer line, and is encouraging customers to move to its Integrity line of servers based on Intel's Itanium processor. Improvements to HP-UX include cluster technology to share services across a group of servers, long a Digital forte. HP-UX 11i v3, the version slated to incorporate the technology, is now scheduled for release in the second half of 2005 rather than by the end of 2004.



Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK. Munir was recognised as Austr...
