topic Re: Apply SNMP vulnerabilities patch or not? in Operating System - HP-UX

Apply SNMP vulnerabilities patch or not?

marktam — Thu, 14 Mar 2002 09:06:25 GMT

I want to apply apply SNMP vulnerabilites patch (PHSS_26137) in my hpux 10.20 using swinstall.

Does I use mark it all or match or "Match What target had" item?

If the matching was failed when using "Match What target had" item, that mean this patch was not useful for my system?

Thanks
MT.

Re: Apply SNMP vulnerabilities patch or not?

Alexander M. Ermes — Thu, 14 Mar 2002 09:33:27 GMT

Hi there.
use the 'Mark for install' .
It then does an analysis run.
If there are any errors, it will show it in the logfile. You should keep your eyes on it during the analysis. If the analysis succeeds, go for install, but be careful.
It may be, that the patch requires a reboot.
check that first.
Rgds
Alexander M. Ermes

Re: Apply SNMP vulnerabilities patch or not?

Ceesjan van Hattum — Thu, 14 Mar 2002 11:54:10 GMT

"The Match What Target Has option."
This option identifies the currently installed software and selects the products from the depot that match what is currently installed on the machine.
The matching products are marked automatically with a Yes in the Matched? column in the Software Selection screen, and the utility begins an install analysis.

Do not bother too much, just mark for install and go for it !

Re: Apply SNMP vulnerabilities patch or not?

Steve Labar — Thu, 14 Mar 2002 21:45:57 GMT

The PHSS_26137 patch has fixes for SNMP & Openview in it. If you are installing it to a system that has Openview installed, you need to match it. If you do not have OpenView installed you need to mark for install to get the updates for SNMP. I have installed it on a non-OpenView system and the SNMP files did get updated appropriately.

Good Luck.

Steve

Re: Apply SNMP vulnerabilities patch or not?

pap — Thu, 14 Mar 2002 22:55:43 GMT

Hi,

Today only I have applied the same patch to more than 10 machines. As per HP the patch is not a critical one and no risk in installing it. It doesn't requires reboot too. Just go to swinstall , mark it and install it. That's it.

As per HP it is an HP recommeded patch hence you shoould have to install on your machines.

For HP 11.0 the equivalent patch is PHSS_26138.

Let me know if you have any questions.

-Piyush.

Re: Apply SNMP vulnerabilities patch or not?

John Payne_2 — Fri, 15 Mar 2002 01:48:44 GMT

If you are running snmpdm, you definitely want to install. No need to match the target, as the patch will look for OV. Just install and go.

I installed the patches the day after the vulnerability was reported. I have not seen a single issue with the patches since that time.

BTW, I would like to thank HP for having the patch ready when the vul. was reported. Some of the other guys around here (Windows, Solaris, etc) were pulling their hair out because the security guy was pestering them to either patch or shutdown snmp...

John

Re: Apply SNMP vulnerabilities patch or not?

pap — Fri, 15 Mar 2002 15:47:54 GMT

HI One more thing I would like to add.

1. Before installing patch PHSS_26137 on HP-UX 10.20, check whether snmpdm is running using "ps -ef| snmpdm" . If it is running then kill the process.

2. One it is killed, then start installing the patch using swinstall. If you do not kill the snmpdm process, your installation will stuck in analysis phase.

3. Once the patch is installed, start the process using

#/usr/sbin/snmpdm

You are all set then.