HP Tru64 UNIX and TruCluster Server Version 5.1B-6 Patch Summary and Release Notes

ManualsBrandsHP ManualsSoftwareTru64 UNIX 5.1B

131

132

133

134

135

136

137

138

139

140

circumstances, a remote attacker could force an error so that a portion of a plain-text message

can be intercepted by the attacker. Corrects the following vulnerability:

SSRT5957 - IPsec (Severity - High)

• Fixes a problem in which a stack trace occurs during quicksetup if the host name and any

NFS parameters are changed.

• Modifies the netconfig application to prevent breaking automation while using the SysMan

command-line interface.

• Corrects the netconfig application to a avoid stack trace that occurs while configuring a

token ring adaptor on a different node.

• Corrects a potential security vulnerability where, under certain circumstances, system

integrity may be compromised. This may be in the form of improper file access.

• Corrects a problem in which when DHCP is selected for a network interface card, netconfig

places invalid data in the /etc/hosts file.

• Changes the use of the configuration file /etc/svc.conf to /etc/nsswitch.conf to allow netgroup

data to be provided from LDAP, rather than only from NIS.

• Fixes a problem in the SysMan nfs_export application in which adding a host to the rw-access

list does not take effect.

• Fixes a problem in the SysMan nfs_export application in which an inappropriate message

is displayed when a nonroot user runs it.

• Corrects a problem in which the network wizard exits when running as nonroot.

• Corrects a potential security vulnerability in IPsec/IKE (Internet Key Exchange) with

Certificates. This potential vulnerability is remotely exploitable, resulting in unauthorized

privileged access.

SSRT3674 - IPsec/IKE (Severity - High)

• Fixes a problem in which SysMan route does not handle the destination name input correctly

Patch 27062.00

OSFNFS540

• Adds a name and IP address cache to NFS mountd to limit problems seen with DNS timeouts.

• Corrects a problem with pcnfsd that occurs when it is running in a cluster and sends the

member's IP address instead of the cluster alias.

• Fixes the warning message in the daemon.log file when automount starts.

• Provides an option that allows users to specify port number for mountd.

• Fixes rpc.lockd to send UNIX authentication.

• Corrects a problem in which autofs skips exported file systems that belong to netgroups in

the remote NIS domain, while a mount command for the same exported file system works.

• Fixes problems due to mountd not blocking SIGHUP when processing NFS exported file

systems.

• Fixes multiple defects in AutoFS user space and kernel code.

• Enables mountd to correctly handle entries with multiple lines of input in an exports file.

• Makes start-up scripts in /sbin/init.d world readable.

• Fixes an issue with the rpc.lockd daemon's message passing-style RPCs, where replies are

sent to the IP address of the lock's caller_name field instead of to the call message's source.

• Modifies the mountd daemon to correct a core dump problem.

• Restore exports file (-root=hostlist) behavior.

• Changes the use of the configuration file /etc/svc.conf to /etc/nsswitch.conf to allow netgroup

data to be provided from LDAP, rather than only from NIS.

• Enables AutoFS to handle loopback mounts correctly, specifically regarding failed attempts

to use AutoFS to access a loopback mount via a cluster alias.

138 Tru64 UNIX Patches