topic Upgrade and Vulnerability - Please URGENT in Operating System - HP-UX

Upgrade and Vulnerability - Please URGENT

vishal_18 — Thu, 27 Jan 2005 04:22:14 GMT

Dear All
We have HP rp7400 Server which is 2 Node cluster with 4 CPU, 4 GB RAM, 6 GB Swap Memory, with va7100 array (6X36 GB), having HPUX B.11.11.U ver. and running Oracle 9i & 9iAS with 4 Packages. Three Package in NODE one and One Package in NODE two.

Now the issue is our Nework Security Team has suggested few VULNERABILITY which reads as - "ftp(21/tcp) flaw server is running an FTP server which is vulnerable to 'glob heap corruption flaw'. And attacker may use this problem to executed arbitory commands" and they

RECOMMENDED --- Upgrade ftp server software to latest version.

I want to know what is this glob heap corruption flaw and how to upgrade the ftp server software to latest.

I also want to know how to add, delete, stop and start the services.

Regds
Vishal

Re: Upgrade and Vulnerability - Please URGENT

Robert-Jan Goossens — Thu, 27 Jan 2005 05:21:56 GMT

Hi Vishal,

https://www.prosumis.com/account/viewtest.php?id=10821&PHPSESSID=1172506e1a3b6e22d86373a597bb985f

PHNE_21936 ftp patch for 11.0, latest ftp patch for 11i

http://www4.itrc.hp.com/service/patch/patchDetail.do?BC=patch.breadcrumb.main|patch.breadcrumb.search|&patchid=PHNE_29461&context=hpux:800:11:11

Regards,
Robert-Jan

Re: Upgrade and Vulnerability - Please URGENT

Ravi_8 — Thu, 27 Jan 2005 05:48:40 GMT

Hi

we had the same problem with our security team, we applied recent ftp patch, It solvd the problem

Re: Upgrade and Vulnerability - Please URGENT

vishal_18 — Thu, 27 Jan 2005 07:01:25 GMT

Hi

Visal again, actually i want to know anothere thing that-- there will not be any issue with this after upgradeing to the server / database...

I also want to know how to add, delete, stop and start the services - such as snmp, smtp etc

regds

Re: Upgrade and Vulnerability - Please URGENT

Tom Danzig — Thu, 27 Jan 2005 08:48:25 GMT

To add or delete inetd services such as telnet, ftp, etc., simply comment out the appropriate lines in /etc/inetd.conf and run 'inetd -c' to apply the changes.

Re: Upgrade and Vulnerability - Please URGENT

Bill Hassell — Thu, 27 Jan 2005 09:00:21 GMT

Since the patch only affects ftpd, there will be no change to your database software. Like all patches, you need to read the details to see if there are potential conflicts. The only safe way to patch your system is by having a test system that is a copy of your production system. And always make regular Ignite/UX backups.

As far as starting and stopping services, these are configured in the /etc/rc.config.d directory. These files start various services at bootup, and terminate them down during a shutdown. For example, to turn off all SNMP services, set the enabling flag to =0 rather than =1 in these files:

/etc/rc.config.d/SnmpMaster
/etc/rc.config.d/SnmpHpunix
/etc/rc.config.d/SnmpTrpDst
/etc/rc.config.d/SnmpMib2

For sendmail (SMTP), edit

/etc/rc.config.d/mailservs

Here are the details:
http://docs.hp.com/en/5990-8172/ch05s03.html

If you need to stop the services immediately, use the start/stop scripts:

/sbin/init.d/SnmpMaster stop
/sbin/init.d/SnmpHpunix stop
/sbin/init.d/SnmpTrpDst stop
/sbin/init.d/SnmpMib2 stop

Now you can edit the config files. Some start/stop scripts have been coded so that the stop command is ignored if the enabling flag (=1) is set to zero (=0), so stop the service then edit the config files.

Re: Upgrade and Vulnerability - Please URGENT

Florian Heigl (new acc) — Thu, 27 Jan 2005 09:11:59 GMT

"we had the same problem with our security team, we applied recent ftp patch, It solvd the problem"

You didn't have a problem with Your security team - they had one with You.
You should at least with one system that runs the hp security patch notification if You don't stay uptodate otherwise. This is more than risky.

just my $.02

Re: Upgrade and Vulnerability - Please URGENT

vishal_18 — Fri, 28 Jan 2005 02:12:53 GMT

Thanks a lot to one and all

vishal