Operating System - HP-UX

Available patches and information

 
yc_2
Regular Advisor

Available patches and information

Hi,

Reference to the following link about security in HP-UX CDE:

http://searchhp.techtarget.com/originalContent/0,289142,sid6_gci839442,00.html

1) It talks about vulnerabilities in "ToolTalk RPC database server in the CDE". How do I find out whether the host is running this database?

2) Is there a patch for it?



Thanks in advance,
YC
harry d brown jr
Honored Contributor

Re: Available patches and information

From your link:

CERT recommends users patch their systems when vendors make them available. In the interim, the group suggests users disable ToolTalk RPC data server by commenting out the relevant entries in /etc/inetd.conf and in /etc/rpc before restarting the inetd process.

My note: If you have a server that is internet facing and you don't have any idea as to what is running and what isn't, then you should immediately power that machine off, pack it up, and ship it back to the manufacturer. Seriously, if your network is "OPEN" then you should immediately disconnect the internet connection and slam the hammer down on those servers. A good start is this document:

http://people.hp.se/stevesk/bastion.html

If this server is within your "trusted" network, and you have these kinds of serious concerns, then the problem is bigger than just an application patch. You need to hire professionals to monitor your network, secure it, and correct any potential security flaws that might exist.

I know I sound harsh, but I get a little crazy about "security". To find a patch, go to the cert.org site, and they will list any potential patches, of which I don't think there are any ready for this issue.


live free or die
harry
Live Free or Die
Bill Hassell
Honored Contributor

Re: Available patches and information

You may wish to download the Security Patch Checker program from software.hp.com (you'll also need to download Perl-5 as described in the readme file). Note that there is no security patch checker for the obsolete 10.20 and earlier versions of HP-UX.


Bill Hassell, sysadmin
Steven Sim Kok Leong
Honored Contributor

Re: Available patches and information

Hi,

1) According to the CERT advisory CA-2002-20 at http://www.cert.org/advisories/CA-2002-20.html,

======================================
The program number for the ToolTalk RPC database server is 100083. If references to 100083 or rpc.ttdbserverd appear in /etc/inetd.conf or /etc/rpc or in output from the rpcinfo(1M) and ps(1) commands, then the ToolTalk RPC database server may be running.

The following example was taken from a system running SunOS 5.8 (Solaris 8):

/etc/inetd.conf
...
#
# Sun ToolTalk Database Server
#
100083/1 tli rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd
...

# rpcinfo -p
program vers proto port service
...
100083 1 tcp 32773
...

# ps -ef
UID PID PPID C STIME TTY TIME CMD
...
root 355 164 0 19:31:27 ? 0:00 rpc.ttdbserverd
...
======================================

Thus the most straightforward way would be to check whether rpc.ttdbserverd is commented out in /etc/inetd.conf.

2) According to the CERT advisory on 10 July 2002, the patch was not out on 10 July 2002.

According to the archive of HP-UX security bulletins at http://archives.neohapsis.com/archives/hp/2002-q2/, the last security bulletin for 11.X was 01 July 2002.

Thus, the patch is still not out yet. However, you can mitigate this security risk by restricting inbound connections at the network-based firewall or host-based firewall.

Hope this helps. Regards.

Steven Sim Kok Leong
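
The indicators quoted from CA-2002-20 in the reply above, turned into a shell check. This is an added example, not part of the thread, the advisory or any HP tool. The function names, the --live switch and the ps column layout are assumptions.

```shell
#!/bin/sh
# Added example, not taken from CA-2002-20 or from HP.
TT_PROG=100083            # program number quoted in the advisory
TT_NAME=rpc.ttdbserverd   # daemon name quoted in the advisory

# Print uncommented lines of file $1 that mention the program number or the
# daemon name. Status: 0 = active entry, 1 = none, 2 = file unreadable.
tt_active_entries() {
    [ -r "$1" ] || return 2
    awk -v prog="$TT_PROG" -v name="$TT_NAME" '
        /^[ \t]*#/ { next }                  # entry is commented out
        { line = $0; sub(/#.*/, "") }        # drop trailing comment
        $0 ~ ("(^|[^0-9])" prog "([^0-9]|$)") || index($0, name) {
            print line; found = 1
        }
        END { exit(found ? 0 : 1) }' "$1"
}

# stdin: `rpcinfo -p` output. Prints proto/port of each registration.
tt_registered() {
    awk -v prog="$TT_PROG" '
        $1 == prog { print $3 "/" $4; found = 1 }
        END { exit(found ? 0 : 1) }'
}

# stdin: `ps -ef` output. Prints PIDs whose command is the daemon itself,
# so "grep rpc.ttdbserverd" does not count. Assumes CMD is field 8, or
# field 9 when STIME is printed as a date ("Jul 10").
tt_running() {
    awk -v name="$TT_NAME" '
        { c = ($5 ~ /^[A-Za-z]+$/) ? 9 : 8
          n = split($c, part, "/")
          if (n && part[n] == name) { print $2; found = 1 } }
        END { exit(found ? 0 : 1) }'
}

# Live check of the local host: sh ttcheck.sh --live
if [ "${1:-}" = "--live" ]; then
    for f in /etc/inetd.conf /etc/rpc; do
        tt_active_entries "$f" >/dev/null && echo "active entry in $f"
    done
    rpcinfo -p 2>/dev/null | tt_registered >/dev/null && echo "registered in portmapper"
    ps -ef | tt_running >/dev/null && echo "$TT_NAME is running"
fi
```

No output from the --live run means none of the three indicators was found; a commented-out inetd.conf entry alone does not stop a daemon that is already running, which is why the ps and rpcinfo checks are separate.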