HPE Community
Operating System - HP-UX
1829596 Members
2081 Online
109992 Solutions
New Discussion

Vulnerability list

 
SOLVED
Go to solution
KINGSLEY_1
Regular Advisor

‎06-23-2010 06:40 AM

‎06-23-2010 06:40 AM

Vulnerability list

Dear Sirs,

Can you help me with the link that can give the list of all vulnerabilities and security risk for HP-UX 11.23?

Thanks.

kingsley
0 Kudos
Reply
5 REPLIES 5
Steven E. Protter
Exalted Contributor

‎06-23-2010 06:49 AM

‎06-23-2010 06:49 AM

Solution

Re: Vulnerability list

Shalom,

There is no one step that can do this.

There is a utility, available from http://software.hp.com called security_patch_check that will let you know what security patches are defined by HP as critical.

Also available on the same site is Bastille, which requires a Perl5 admin from the same site. Bastille is pretty comprehensive at scanning a system, making simple security changes and recommending implementation of more complex steps.

Also necessary is monitoring ITRC for security updates.

I wish there was an easy one stop solution, but security doesn't work like that.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
James R. Ferguson
Acclaimed Contributor

‎06-23-2010 07:53 AM

‎06-23-2010 07:53 AM

Re: Vulnerability list

Hi:

If you haven't already started to use the Software Assistant Tool (SWA) you certainly need to do so:

www.hp.com/go/swa

"...(SWA) minimizes the time required by administrators to analyze the software on HP-UX systems, and is the HP-recommended utility for maintaining currency with HP-published security bulletins and recommended patch levels for HP-UX 11i software."

Regards!

...JRF...
Reply
P Muralidhar Kini
Honored Contributor

‎06-23-2010 07:50 PM

‎06-23-2010 07:50 PM

Re: Vulnerability list

Hi KINGSLEY,

Yes, there is not one single step or document where you can get this info.
You need to keep monitoring the ITRC for security updates.
You need to pay attention to the Patches that are released, rated as
critical and so on. Also find out what fixes are there in the patches and
decide whether that is important from your business need point of view.
If yes then you have to apply those patches.

Regards,
Murali
Let There Be Rock - AC/DC
Reply
Kapil Jha
Honored Contributor

‎06-23-2010 09:12 PM

‎06-23-2010 09:12 PM

Re: Vulnerability list

To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC

On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.


BR.
Kapil+
I am in this small bowl, I wane see the real world......
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.