---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports. http://secunia.com/secunia_security_specialist/ ---------------------------------------------------------------------- TITLE: HP Tru64 UNIX and HP Internet Express Sendmail Vulnerability SECUNIA ADVISORY ID: SA20473 VERIFY ADVISORY: http://secunia.com/advisories/20473/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote OPERATING SYSTEM: HP Tru64 UNIX 4.x http://secunia.com/product/6/ HP Tru64 UNIX 5.x http://secunia.com/product/2/ SOFTWARE: HP Internet Express 6.x http://secunia.com/product/2040/ DESCRIPTION: HP has acknowledged a vulnerability in HP Tru64 UNIX and HP Internet Express running sendmail, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA19342 The vulnerability has been reported in the following versions: * HP Tru64 UNIX 5.1B-3 * HP Tru64 UNIX 5.1B-2/PK4 * HP Tru64 UNIX 5.1A PK6 * HP Tru64 UNIX 4.0G PK4 * HP Tru64 UNIX 4.0F PK8 * HP Internet Express for Tru64 UNIX V6.3 * HP Internet Express for Tru64 UNIX V6.4 * HP Internet Express for Tru64 UNIX V6.5 SOLUTION: Apply ERP kits. HP Tru64 UNIX Version 5.1B-3: http://www2.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1000619-V51BB26-ES-20060515 MD5 Checksum: d8bb00d342b21de6fba54baed8617282 HP Tru64 UNIX Version 5.1B-2/PK4: http://www2.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1000617-V51BB25-ES-20060515 MD5 Checksum: 1d8a0dc34628b5898c99b6dab2714320 HP Tru64 UNIX Version 5.1A PK6: http://www2.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1000618-V51AB24-ES-20060515 MD5 Checksum: b9a2ef1d0c1745ce0fa265b2d2fd8c32 HP Tru64 UNIX Version 4.0G PK4: http://www2.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1000635-V40GB22-ES-20060519 MD5 Checksum: 2c74941543d969c92adef38a44b5c764 HP Tru64 UNIX Version 4.0F PK8: http://www2.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1000636-V40FB22-ES-20060519 MD5 Checksum: 9735ad5cc5c705e8bbbbefb01feb4128 HP Internet Express for Tru64 UNIX V6.3: http://www2.itrc.hp.com/service/patch/patchDetail.do?patchid=T64V51AB-IX-631-SENDMAIL-SSRT-061135 MD5 Checksum: ee9e7d5b0cc01e0424edc05021670820 HP Internet Express for Tru64 UNIX V6.4: http://www2.itrc.hp.com/service/patch/patchDetail.do?patchid=T64V51AB-IX-641-SENDMAIL-SSRT-061135 MD5 Checksum: 5b1a544575a62831c173fc489b8eaeea HP Internet Explorer for Tru64 UNIX V6.5: http://www2.itrc.hp.com/service/patch/patchDetail.do?patchid=T64V51AB-IX-651-SENDMAIL-SSRT-061135 MD5 Checksum: 0b6268159a9957c56ff2f35cea2057d8 ORIGINAL ADVISORY: HPSBTU02116 SSRT061135: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635 OTHER REFERENCES: SA19342: http://secunia.com/advisories/19342/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------