- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: TCP/IP security patch
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-24-2010 03:34 AM
тАО03-24-2010 03:34 AM
This bulletin points to updated images for HP TCP/IP Services V5.5 ECO3 and V5.6 ECO4.
I did not look at the V5.5 stuff (yet), but got the fix for V5.6 ECO4 on Alpha.
Current ECO for V5.6 is ECO5.
The security patch contains a number of NTP related images. I compared the first image from this fix for ECO4 and the respective image in the official ECO5 kit and found the following:
image name: "TCPIP$NTP"
image file identification: "V5.6-ECO4B"
link date/time: 7-DEC-2009 16:30:34.44
image name: "TCPIP$NTP"
image file identification: "V5.6-ECO5"
link date/time: 30-NOV-2009 18:07:22.57
So the image from the the security patch is newer than that from ECO5. The ECO 5 release notes don't mention security issues for NTP (except maybe a corrected stack overflow problem for TCPIP$NTPQ, but not the other programs contained in the security patch).
Can anyone tell me:
- does ECO5 contain these fixes?
- if not, will there be a patch kit for ECO5 as well?
An interesting question remains: why does HP publish a Security Bulletin on 23-Mar pointing to a fix that os more than three months old?
Thanks for any info,
Hans.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-24-2010 03:47 AM
тАО03-24-2010 03:47 AM
Re: TCP/IP security patch
On different note, I downloaded the ECO4 patch (backup saveset) to the same system, but I couldnt read it. I got
backup/list qxcr1000910870_v56_eco4_i64.bck;1/save_set
Listing of save set(s)
%BACKUP-E-POSERROR, error positioning DSA101:[OPENVMS.PRODUCTS.TCPIP56_E5]qxcr1000910870_v56_eco4_i64.bck;1
-RMS-F-IOP, operation invalid for file organization or device
%BACKUP-E-READERRS, excessive error rate reading DSA101:[OPENVMS.PRODUCTS.TCPIP56_E5]qxcr1000910870_v56_eco4_i64.bck;1
-BACKUP-E-BLOCKCRC, software block CRC error
%BACKUP-I-OPERSPEC
%BACKUP-I-OPERASSIST, operator assistance has been requested
%BACKUP-I-NOOPER, no operator is available to handle the request
%BACKUP-I-OPERSPEC, specify option (QUIT or CONTINUE)
Requesting PID:2020078C, Target Device:_DSA101
I downloaded in binary mode, (see attachment)
(I just know someone is going to point out some novice mistake I made.)
Dave
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-24-2010 04:24 AM
тАО03-24-2010 04:24 AM
Re: TCP/IP security patch
binary download creates files with fixed length (ok for BACKUP), but 512 bytes record length (usually not what BACKUP expects).
On a sufficiently new system, just add the /REPAIR qualifier to your BACKUP command.
On older systems, use
$ SET FILE /ATTRIB=LRL=32256 saveset.bck
The actual record length may vary and can be found out once BACKUP /LIST gets sufficently far to display the savest block size, or you DUMP the first block of the saveset and get the required record size (in hex) at offset 28(hex).
Hans.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-24-2010 04:26 AM
тАО03-24-2010 04:26 AM
Re: TCP/IP security patch
(I just know someone is going to point out some novice mistake I made.)
<<<
You may want to get Hein's magic spell - FIXSAVESET.COM which will print a
RFM was FIX, MRS = 512, LRL = 512.
and do a
$SET FILE /ATTR=(RFM=FIX, MRS=32256, LRL=32256)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-24-2010 04:32 AM
тАО03-24-2010 04:32 AM
Re: TCP/IP security patch
SET FILE/ATTRIBUTES=(RFM:FIX,MRS:32256,LRL:32256,RAT:NONE) file.bck
to fix your saveset.
Cheers,
Art
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-24-2010 04:33 AM
тАО03-24-2010 04:33 AM
Re: TCP/IP security patch
Cheers anyways,
Art
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-24-2010 05:58 AM
тАО03-24-2010 05:58 AM
Re: TCP/IP security patch
TCPIP V5.6 ECO 5 seems to already contain this fix:
ECO 5 updates
-------------
16-JUN-2009 Alpha and INTEGRITY SERVERS
Problem:
A stack buffer overflow problem exists in the NTPQ program.
Deliverables:
TCPIP$NTPQ.EXE
Reference:
SSRT#090073, TCPIP_BUGS Note 3709
Volker.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-24-2010 06:05 AM
тАО03-24-2010 06:05 AM
Re: TCP/IP security patch
TCPIP V5.5 ECO 3 is still the 'current' patch (released on 21-FEB-2008).
I can't answer your question about the 'age' of the fix, but the comment in the V5.6 ECO 3 release notes seems to indicate, that this part of the problem already got fixed on 16-JUN-2009.
Volker.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-24-2010 07:07 AM
тАО03-24-2010 07:07 AM
Re: TCP/IP security patch
BACKUP/REPAIR command :-)
(worked for me on on VMS Alpha V8.3 YMMV)
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-24-2010 09:24 AM
тАО03-24-2010 09:24 AM
Re: TCP/IP security patch
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02002308