HP Plugs 'Critical' Tru64 UNIX Flaws

HP Plugs 'Critical' Tru64 UNIX Flaws


March 5, 2004

HP has issued a security patch to plug "highly critical" holes in its HP Tru64 Unix operating system with a warning that a successful exploit could lead to system takeover.

The company did not provide details of the vulnerabilities, which are a result of unspecified errors within the certificate handling of IPsec/IKE. IPSec, widely deployed to implement corporate Virtual Private Networks (VPNs), provides cryptographically based security for the IP protocols.

Products affected by the security vulnerabilities include the HP Tru64 UNIX 5.1B PK2(BL22) and PK3(BL24) and the HP Tru64 UNIX 5.1A PK6(BL24).

Research firm Secunia, which rates the flaws as "highly critical," says malicious hackers can take control of vulnerable systems remotely.

HP repair kits have been posted online here and here.