A massive security hole has been found in Hewlett Packard’s Tru64 UNIX operating system, leaving some to wonder how far the company is willing to go to push Linux.
“Highly critical” vulnerabilities have been found in both IPsec and SSH - the programs designed to provide watertight security for IP data and system commands - which may allow system access or a denial of service. In short, the sysadmin’s worst fear.
Perhaps fortunately, we don’t know any more details about what the exact vulnerabilities are since it is HP that has issued patches for the holes (although you will need to be signed up to its support website to get at them).
The vaguely good news is that IPsec 2.1.1 and SSH 3.2.2 are not affected by the vulnerability and you can grab them off HP’s site, here and here respectively. The patch reference is T64KIT0020963-V51BB24-ES-20031204.
The timing is somewhat inconvenient though as HP was just launching into a pro-Linux PR campaign, trying desperately hard not to be outdone by IBM in its support for the open-source OS.
Does revealing a gaping hole in its own UNIX offering aid or hinder that, is what we are pondering.
Related link - Blaster: the day a worm turned nasty