<<< Date Index >>>     <<< Thread Index >>>

Re: HPSBUX02287 SSRT071485 rev.1 - HP-UX Running HP Secure Shell, Remotely Gain Extended Privileges



On Nov 12, 2007 7:57 PM,  <security-alert@xxxxxx> wrote:

> HPSBUX02287 SSRT071485 rev.1 - HP-UX Running HP Secure Shell, Remotely Gain 
> Extended Privileges
[...]
> SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
> HP-UX B.11.11, B.11.23, and B.11.31 running HP Secure Shell

If there's anyone from HP here, can you clarify whether or not HPUX
11.00 is omitted from the impacted list because it's not supported or
because it's not affected - thanks.

I know 11.00 is no longer supported, but we have a system running
"HP-UX Secure Shell A.04.10.004" on HP-UX 11.00 that we cannot upgrade
(due to application dependency), and I'd just like to know what our
exposure is.

The verbose product description is "HP-UX Secure Shell
A.04.10.004/005, based on OpenSSH 4.1p1", part number T1471-90004.

You don't have to go on the record - be as anonymous as you need.

Thanks
Nick Boyce
-- 
"The system is repaired when ordinary greed takes over from
extraordinary fear - and that's what we're working towards."
Prof Larry Summers, US Treasury Secretary 1999-2001, commenting on the
Northern Rock banking crisis on BBC Newsnight, 14th.Sept.2007
My, what a high civilisation we've built.