dave broome_1
Advisor

unable to track down patch ...

When I search for patch PHNE_7073 on the support patch database it returns with no records found. Anyone have any ideas on where I could find it??
Stefan Farrelly
Honored Contributor

Re: unable to track down patch ...

Are you sure about the patch number? 7073 is a very very old patch number - years old. The patch numbers now are all 5 digits. You sure you're not missing a digit?
I'm from Palmerston North, New Zealand, but somehow ended up in London...
Christopher McCray_1
Honored Contributor

Re: unable to track down patch ...

Hello,

Are you sure you have the right number?? What does this patch supposedly do?

Hope this helps

Chris
It wasn't me!!!!
John Poff
Honored Contributor

Re: unable to track down patch ...

Hi,

What problem are you looking to fix with that patch? I did a search for that patch on Google, and it came up with an HP security bulletin from 1996 about fixing rpc.statd and rpc.pcnfsd. If you need to patch those services, I'd suggest searching for those terms in the patch database for your O/S version and see what patches come up.

JP
dave broome_1
Advisor

Re: unable to track down patch ...

It is a patch for rpc.statd. We have recently had a security audit which threw up a vulnerability with the rpc.statd daemon. We tracked the problem down to being resolved by patch PHNE_7073 NFS megapatch (as advised by CERT Advisory). As this appears to be so old does anyone know of a subsequent patch that we can use to fix this problem?
Cheryl Griffin
Honored Contributor

Re: unable to track down patch ...

What cert are you looking at?
What is your OS?

Cheryl
"Downtime is a Crime."
John Poff
Honored Contributor

Re: unable to track down patch ...

Hi again,

Those security audits always specify old and/or non-relevant patches. We were audited earlier this year and I spent an hour researching patches on the ITRC just so I could explain to our auditor why we didn't really need 90% of the patches that they claimed we did.

You can go to the ITRC Home, click on Individual Patches, and then click on HP-UX. From there, choose your O/S level, type in rpc.statd in the search terms, and click Search. It will come up with the latest patches. You can read the patch descriptions and download them from there. If you are responsible for the care and feeding of HP-UX systems, you should get very familiar with the patch section of the ITRC.

I don't know what O/S level you are running, but here is what I found:

10.20 PHNE_22288
11.00 PHNE_20371
11.11 PHNE_26388

JP
Christopher McCray_1
Honored Contributor

Re: unable to track down patch ...

Hello again,

For 10.20, PHNE_22288:

http://www2.itrc.hp.com/service/patch/patchDetail.do?patchid=PHNE_22288&context=hpux:800:10:20

For 11.00, PHNE_20371:

http://www2.itrc.hp.com/service/patch/patchDetail.do?patchid=PHNE_20371&context=hpux:700:11:00

For 11.11, PHNE_26388:

http://www2.itrc.hp.com/service/patch/patchDetail.do?patchid=PHNE_26388&context=hpux:700:11:11

This does not include any/all dependencies. Consult the patch details, as always!!!

Regards,

Chris
It wasn't me!!!!
dave broome_1
Advisor

Re: unable to track down patch ...

CERT Advisory CA-1996-09 Vulnerability in rpc.statd.
HPUX ver.10.20 on a 9000 series server.

thanks.
Cheryl Griffin
Honored Contributor
Solution

Re: unable to track down patch ...

Found it:
Patch PHNE_7073 replaced by PHNE_17248

s700_800 10.X NFS/NIS Runtime cumulative patch
s700: 10.00 10.01 10.10
s800: 10.00 10.01 10.10

If you are running 10.20 the issue is already fixed. No patch needed.
"Fixed HP-UX: s700: 10.20; s800: 10.20"

Cheryl
"Downtime is a Crime."
Cheryl Griffin
Honored Contributor

Re: unable to track down patch ...

The cert says:
http://www.cert.org/advisories/CA-1996-09.html

s300/s400 9.X - PHNE_7372 (rpc.statd)
s700/s800 9.X - PHNE_7072 (NFS Megapatch)
s700/s800 10.X - PHNE_7073 (NFS Megapatch)

The confusion is that PHNE_7073 is not a 10.x patch. It is a 10.00-10.10 patch. The problem was fixed by patch in these early versions of 10.0 and when 10.20 was released the fix was incorporated into the release, so no patch is needed at 10.20.

Cheryl
"Downtime is a Crime."
dave broome_1
Advisor

Re: unable to track down patch ...

I take my hat off to you all. The information posted was very, very useful and has saved me hours of work.

cheers,

dave
dave broome_1
Advisor

Re: unable to track down patch ...

As a result of the audit we have a plan to apply a number of patches. Anyone got any experience of the following??
Remote Access: Multiple Vulnerabilities in LPD - patch PHCO_24699
Rpc Services: Multiple Vendor CDE TT_SESSION Buffer Overflow - patch PHSS_25137
Rpc Services: RPC cmsd overflow - patch PHSS_19482
Rpc Services: RPC ttdbserver overflow - patch PHSS_25137
Rpc Services: ToolTalk rpc.ttdbserverd format string vulnerability - patch phss_25137

As always, any help is gratefully received.

dave
Stefan Farrelly
Honored Contributor

Re: unable to track down patch ...


From now on you don't need to do manual checking of security patches or let auditors provide some out of date list of patches - HP have released a tool which whenever you run it (we do weekly) it connects to HP and downloads the latest list of security patches needed and tells you of any new ones you need to install. Who needs auditors anymore? This tool does it for you. You can download from www.software.hp.com

B6834AA B.01.00 HP-UX Security Patch Check Tool
I'm from Palmerston North, New Zealand, but somehow ended up in London...
Cheryl Griffin
Honored Contributor

Re: unable to track down patch ...

Not sure what kind of help you are looking for on your last question, but here are the patches in question.

PHCO_24699 replaced by PHCO_25109
PHSS_19482 replaced by PHSS_26489
PHSS_25137 replaced by PHSS_26489

If you had to apply these, this list includes the patches and all dependencies:
PHCO_25109 lpspool subsystem cumulative patch
PHSS_20861 X/Motif Runtime MAR2000 Periodic Patch
PHSS_25348 CDE msg catalog OCT2001 Periodic Patch
PHSS_26489 CDE Runtime Periodic Patch

If you have other questions this does not address, please post them and we'll update this again.
Cheryl
"Downtime is a Crime."
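
Added example (not part of the thread and not HP's tooling): a small Python triage of an auditor's patch list, using only the supersession and release-applicability facts stated in the replies above. The installed-patch set, the status labels and the function names are assumptions made for illustration.

```python
# Supersession pairs and release applicability as stated in this thread.
SUPERSEDED_BY = {
    "PHNE_7073": "PHNE_17248",
    "PHCO_24699": "PHCO_25109",
    "PHSS_19482": "PHSS_26489",
    "PHSS_25137": "PHSS_26489",
}
# Only PHNE_7073 has its releases spelled out in the thread (10.00-10.10).
APPLIES_TO = {"PHNE_7073": {"10.00", "10.01", "10.10"}}


def chain(patch_id):
    """Return the patch and every successor, oldest first; reject loops."""
    seen = []
    current = patch_id.strip().upper()  # audit reports mix upper and lower case
    while current is not None:
        if current in seen:
            raise ValueError(f"supersession loop at {current}")
        seen.append(current)
        current = SUPERSEDED_BY.get(current)
    return seen


def triage(finding, os_release, installed):
    """Classify one audit finding against the release and installed patches."""
    ids = chain(finding)
    releases = APPLIES_TO.get(ids[0])
    if releases is not None and os_release not in releases:
        # The patch line targets other releases; check the advisory's
        # "fixed in" list instead of hunting for the old patch.
        return ("NOT_APPLICABLE", None)
    have = [p for p in ids if p in installed]
    if have:
        return ("SATISFIED", have[-1])   # newest member of the chain on the box
    return ("MISSING", ids[-1])          # install the newest successor


def triage_all(findings, os_release, installed):
    installed = {p.strip().upper() for p in installed}
    return {f: triage(f, os_release, installed) for f in findings}


if __name__ == "__main__":
    # Constructed sample: auditor's list and a hypothetical installed set.
    audit = ["PHNE_7073", "PHCO_24699", "PHSS_19482", "phss_25137"]
    installed = ["PHSS_26489"]
    for finding, (status, patch) in triage_all(audit, "10.20", installed).items():
        print(f"{finding:12} {status:15} {patch or '-'}")
```
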