HP TCPIP vulnerable?

Peter Zeiszler · ‎12-22-2014

With the recent notice concerning NTP is HP TCPIP on OpenVMS vulnerable and if it is, will the be a patch?

https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01

Hoff · ‎12-22-2014

The version number of the VMS NTP server is — if it's actually the ISC version — ancient.

I'd expect that the NTP server is vulnerable, and that it's likely best to ask HP support directly, respectively.

In my opinion, it's usually best to firewall VMS acccess. VMS configurations commonly feature various other insecure transports. There's usually little reason to expose a VMS-based NTP server outside of the local network. There's no secure POP or IMAP support with TCP/IP Services, and SCS is wide open to anyone with a privileged network position, SMB/CIFS was pretty old, Apache is old and contains a known-insecure SSL implementation, etc.

Peter Zeiszler · ‎12-22-2014

Luckily we are behind firewalls and such. Just wondering if I needed to find a new patch to upload to systems and if anyone else had heard anything about it. Today's alerts was the first I heard about it. I know about the older protocols and apache.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

HP TCPIP vulnerable?

HP TCPIP vulnerable?

Re: HP TCPIP vulnerable?

Re: HP TCPIP vulnerable?