
Re: Sec. Vulnerability with ntpd on HP-UX

 
Berlene Herren
Honored Contributor

Sec. Vulnerability with ntpd on HP-UX


PROBLEM: xntpd software may HANG or exhibit extremely poor performance.

IMPACT: Potential denial of service (DoS).

PLATFORM: HP 9000 Series 700 and 800 running HP-UX releases 10.20, 10.24, 11.00, 11.04 and 11.11 using the xntpd software.

SOLUTION: Retrieve and apply the following patches:
for HP-UX 10.20: PHNE_24510
for HP-UX 10.24(VVOS): PHNE_28002
for HP-UX 11.00: PHNE_27223
for HP-UX 11.04(VVOS): PHNE_27442
for HP-UX 11.11: PHNE_24512

AVAILABILITY: All patches are currently available from .
A. Background
Some HP-UX systems running the latest xntpd software may HANG or exhibit extremely poor performance.

B. Recommended solution
HP has made available a patch to upgrade NTP timeservices.
Retrieve and apply the following patches to affected systems.
The patches do not require a reboot. The problem is fixed in HP-UX release 11.22.

Happy networking!
Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
H.Merijn Brand (procura
Honored Contributor

Re: Sec. Vulnerability with ntpd on HP-UX

a5:/data/update 103 # wget --passive-ftp ftp://ftp.itrc.hp.com/hp-ux_patches/s700_800/10.X/PHNE_24512
--15:00:09-- ftp://ftp.itrc.hp.com/hp-ux_patches/s700_800/10.X/PHNE_24512
=> `PHNE_24512'
Resolving ftp.itrc.hp.com... done.
Connecting to ftp.itrc.hp.com[192.6.165.75]:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD /hp-ux_patches/s700_800/10.X ... done.
==> PASV ... done. ==> RETR PHNE_24512 ...
No such file `PHNE_24512'.

a5:/data/update 104 #


Starting at http://www.itrc.hp.com/wpsl/bin/doc.pl/screen=wpslSrchHPUXpatches/?OS=HP-UX and entering PHNE_24512 and 10.20 showed no patches either.

27223 showed no problem:
a5:/data/update 104 # wget --passive-ftp ftp://ftp.itrc.hp.com/hp-ux_patches/s700_800/11.X/PHNE_27223
--15:02:10-- ftp://ftp.itrc.hp.com/hp-ux_patches/s700_800/11.X/PHNE_27223
=> `PHNE_27223'
Resolving ftp.itrc.hp.com... done.
Connecting to ftp.itrc.hp.com[192.6.165.75]:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD /hp-ux_patches/s700_800/11.X ... done.
==> PASV ... done. ==> RETR PHNE_27223 ... done.
Length: 676,840 (unauthoritative)

100%[====================================>] 676,840 38.31K/s ETA 00:00

15:02:30 (38.31 KB/s) - `PHNE_27223' saved [676840]

a5:/data/update 105 #


PHNE_24512 *is* however available from the 11.X area ??? I suggest a move :)

a5:/data/update 105 # wget --passive-ftp ftp://ftp.itrc.hp.com/hp-ux_patches/s700_800/11.X/PHNE_24512
--15:03:15-- ftp://ftp.itrc.hp.com/hp-ux_patches/s700_800/11.X/PHNE_24512
=> `PHNE_24512'
Resolving ftp.itrc.hp.com... done.
Connecting to ftp.itrc.hp.com[192.6.165.75]:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD /hp-ux_patches/s700_800/11.X ... done.
==> PASV ... done. ==> RETR PHNE_24512 ... done.
Length: 346,914 (unauthoritative)

100%[====================================>] 346,914 23.92K/s ETA 00:00

15:03:31 (23.92 KB/s) - `PHNE_24512' saved [346914]

a5:/data/update 106 #
Enjoy, Have FUN! H.Merijn
H.Merijn Brand (procura
Honored Contributor

Re: Sec. Vulnerability with ntpd on HP-UX

24512 ain't OK for 10.20!

d3:/a5/data/update 102 # swinstall -s `pwd`/PHNE_24512.depot PHNE_24512
WARNING: Invalid value defined for the keyword "data_model_revision",
at line 3. The value "2.40" is not a supported data model
revision. This release of the Software Distributor supports
the following values:

2.20 2.10 2.00
The SD product needs to be updated using the instructions in
the "Managing HP-UX With SD-UX" manual. Continuing to read
the file "/tmp/BAAa26548/catalog/INDEX" using the "2.20" data
model semantics. New attributes associated with the "2.40"
format will be ignored. Unrecognized attributes may result in
subsequent ERROR or WARNING messages. If errors result from
using the "2.20" semantics, you must update SD to a version
that supports the "2.40" "data_model_revision".

Enjoy, Have FUN! H.Merijn
Pete Randall
Outstanding Contributor

Re: Sec. Vulnerability with ntpd on HP-UX

Merijn,

If you're getting at what I think you're getting at - it's because PHNE_24510 is the 10.20 version, NOT PHNE_24512 (which is for 11.11).

Pete
H.Merijn Brand (procura
Honored Contributor

Re: Sec. Vulnerability with ntpd on HP-UX


d3:/a5/data/update 106 # getpatch.sh -10 PHNE_24510
--16:09:38-- ftp://ftp.itrc.hp.com/hp-ux_patches/s700_800/10.X/-10
=> `-10'
Resolving ftp.itrc.hp.com... done.
Connecting to ftp.itrc.hp.com[192.151.52.14]:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD /hp-ux_patches/s700_800/10.X ... done.
==> PASV ... done. ==> RETR -10 ...
No such file `-10'.

-10: A specified flag is not valid for this command.
--16:09:40-- ftp://ftp.itrc.hp.com/hp-ux_patches/s700_800/10.X/PHNE_24510
=> `PHNE_24510'
Resolving ftp.itrc.hp.com... done.
Connecting to ftp.itrc.hp.com[192.151.52.14]:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD /hp-ux_patches/s700_800/10.X ... done.
==> PASV ... done. ==> RETR PHNE_24510 ... done.
Length: 1,405,199 (unauthoritative)

100%[====================================>] 1,405,199 40.89K/s ETA 00:00

16:10:16 (40.89 KB/s) - `PHNE_24510' saved [1405199]

x - PHNE_24510.text
x - PHNE_24510.depot [compressed]
d3:/a5/data/update 107 #


Sorry for the line noise. Please walk on, nothing to see here (except for a guy in a corner with a red face, but you've seen those before ...)
Enjoy, Have FUN! H.Merijn
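
An added example, not part of the original thread or of HP's tooling: a pre-flight check that ties the advisory's release-to-patch list to the host release, so that a mismatch like the PHNE_24512-on-10.20 attempt above is caught before swinstall runs. The function names are hypothetical, and the "B." prefix handling assumes the usual `uname -r` form on HP-UX (for example B.11.11).

```shell
#!/bin/sh
# Added example: release-to-patch check built from the advisory's SOLUTION list.
# patch_for_release and check_patch are hypothetical helper names.

# Print the advisory's xntpd patch for a release such as "B.11.11" or "10.20".
# Returns 0 with a patch ID, 2 if the release already has the fix, 1 if unknown.
patch_for_release() {
    rel=${1#[A-Z].}            # drop a leading "B." style prefix (assumed form)
    case "$rel" in
        10.20) echo PHNE_24510 ;;
        10.24) echo PHNE_28002 ;;   # VVOS
        11.00) echo PHNE_27223 ;;
        11.04) echo PHNE_27442 ;;   # VVOS
        11.11) echo PHNE_24512 ;;
        11.22) return 2 ;;          # advisory: problem is fixed in 11.22
        *)     return 1 ;;
    esac
}

# check_patch RELEASE PATCH_ID
# Succeeds only when PATCH_ID is the advisory's patch for RELEASE.
# Exit codes: 0 match, 1 release not in advisory, 2 no patch needed, 3 mismatch.
check_patch() {
    rc=0
    want=$(patch_for_release "$1") || rc=$?
    case $rc in
        2) echo "$1: fix already included, no patch needed" >&2; return 2 ;;
        1) echo "$1: release not covered by the advisory" >&2; return 1 ;;
    esac
    if [ "$2" != "$want" ]; then
        echo "$2 is not the patch for $1; the advisory lists $want" >&2
        return 3
    fi
    echo "$2 matches $1"
}

# Constructed demo of the mix-up from the thread (the 11.11 patch on a 10.20 host).
# On a real host the first argument would be "$(uname -r)".
check_patch B.10.20 PHNE_24512 || true
check_patch B.10.20 PHNE_24510
```
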