HP-UX 10.20 Security for DNS notification

trystan macdonald · ‎09-17-2002

I am looking into an HP security bulletin regarding DNS and HP-UX 10.20 - it mentions that:
Programs which make DNS calls and are linked with libc.a must be relinked.

Does this mean that applications which make DNS calls will need re-compilling?

How would I get more information on re-linking libraries?

Thanks in advance
Trystan.

Cheryl Griffin · ‎09-17-2002

Trystan,
Use chatr on the program to determine if the program is statically linked or dynamically linked.
Example:
# chatr itool
shared library list:
dynamic /usr/obam/lib/libobam.1
dynamic /usr/lib/libdld.1
dynamic ../lib/libcfg.1
dynamic /usr/lib/libm.1

If dynamic there is not an issue.

If static, you will have to use a programming bundle like C/AnsiC Developers Bundle that contains the linker command (cc) that will allow you to redefine the libraries that are being used.
http://www.docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/92501-90029/92501-90029_top.html&con=/hpux/onlinedocs/92501-90029/00/00/7-con.html&toc=/hpux/onlinedocs/92501-90029/00/00/7-toc.html&searchterms=ln%7cc%2b%2b&queryid=20020917-052316

Cheryl

"Downtime is a Crime."

Cheryl Griffin · ‎09-17-2002

In addition, I read the SB " HEWLETT-PACKARD COMPANY SECURITY BULLETIN: HPSBUX0208-209 SSRT2316 Security Vulnerability in DNS resolver libraries"

The Bulletin states:
"Relink statically linked programs calling the DNS API on 10.20.

... (snip) ... which make DNS calls and are linked with libc.a must be relinked. So far as is known *** HP delivers no such programs. ***"

Disclaimer: Those are my *** added to that statement to stress the point.

This means that if you have homegrown applications which use DNS API, there is a potential problem.

Cheryl

"Downtime is a Crime."

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

HP-UX 10.20 Security for DNS notification

HP-UX 10.20 Security for DNS notification

Re: HP-UX 10.20 Security for DNS notification

Re: HP-UX 10.20 Security for DNS notification