HP patches critical security holes in Tru64 Unix

HP patches critical security holes in Tru64 Unix

Summary: Vulnerabilities have been found in HP's high-end Unix operating system that could allow attackers to take over a server or knock it offline

SHARE:

Critical security vulnerabilities in HP's Tru64 Unix operating system were patched on Friday after it was discovered that implementations of IPsec and SSH programs, which carry VPN and secure system command traffic, were vulnerable to attackers.

The vulnerabilities are an embarrassment to HP because both were found in vital components of the operating system and both could enable malicious users to either take control of a machine or launch a denial of service attack. SSH, a secure Telnet program, is used to securely send commands to a server, while IPSec is used to create virtual private networks to carry encrypted information over the Internet between two computers.

Although full details about the vulnerabilities have not been published, HP has issued patches that will fix any known problems. Only HP's Tru64 UNIX 5.1B is affected and fixes for both the IPsec software and SSH software can be found on HP's Web site.

IPSec version 2.1.1 and SSH version 3.2.2 are not vulnerable and can be downloaded from HP's Web site.

HP's Tru64 version of Unix, which came from Digital Equipment, is being phased out in favour of HP-UX and engineers have been working to bring some of Tru64's features to HP-UX.

HP is gradually phasing out Tru64, which runs on the AlphaServer line, and is encouraging customers to move to its Integrity line of servers based on Intel's Itanium processor. Improvements to HP-UX include cluster technology to share services across a group of servers, long a Digital forte. HP-UX 11i v3, the version slated to incorporate the technology, is now scheduled for release in the second half of 2005 rather than by the end of 2004.

Topics: Apps, Software Development

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion