Archive-Date: Mon, 2 Dec 2002 11:17:29 -0400 Date: Mon, 02 Dec 2002 08:15:30 -0800 From: edward.heller@transcore.com (Edward Heller) Subject: Question regarding TCPWare 5.3-2 To: info-tcpware@process.com Reply-To: Info-TCPware@process.com Message-ID: <2d2038b7.0212020815.6d1c9380@posting.google.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit We have software that runs over a dedicated network using TCP/IP. This software is in use in several client facilities without problems. However, at one location we updated our installed applications from ones that used raw ethernet to newer software that uses TCP/IP. We left the client's base system applications alone on the presumption that the existing TCP/IP package would work properly. The client already had TCPWare (5.3-2) and OpenVMS/Alpha 7.1-1H1. The upshot of the issue is that we are seeing increases in memory usage over time and unexplained network errors. Both of these appear to occur on approximately 20 minute boundaries, however not every 20 minutes. The time interval can be as great as 2 or 3 days, but always on a 20 minute boundary. We have racked our collective brains and verified our software for internal leaks all to no avail. We have not observed these problems at sites that use OpenVMS TCPIP services. I looked through the ECO list for this version, but did not see anything that would appear to address this. If anyone on this list has any thoughts about where to go next, I would greatly appreciate it. Thanks, Edward Heller TransCore ITS ================================================================================ Archive-Date: Mon, 2 Dec 2002 13:00:27 -0400 Date: Mon, 02 Dec 2002 11:57:57 -0600 (CST) From: Hunter Goatley Reply-To: Info-TCPware@process.com Subject: Mandatory security update for TCPware To: TCPware-Announce@lists.process.com Message-ID: <01KPK0MRA8T88WW2J5@goatley.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=us-ascii Mandatory Patch for TCPware December 2, 2002 A potential security vulnerability has been discovered in TCPware that could allow a malicious user to execute arbitrary DCL commands with elevated system privileges. This vulnerability affects TCPware 5.4 through 5.6. New ECOs are available for the SMTP and FTP components. Process Software is not aware of any cases in which this vulnerability has been exploited. However, we strongly recommend installing the appropriate ECO or patch kit to eliminate the vulnerability. Note: This security vulnerability may occur in prior versions of TCPware. Process Software strongly recommends you upgrade. We apologize for any inconvenience this may cause you. If you have trouble accessing these patches, please contact customer support at (800) 394-8700 or (508) 628-5074. For convenient links to download the ECOs below, please visit: http://www.process.com/mandatorypatch.html or visit the TCPware ECO page: http://vms.process.com/eco.html TCPware V5.4 SMTP_V543P090 http://vms.process.com/ftp/support/54_3/smtp_v543p090.zip FTP_V543P190 http://vms.process.com/ftp/support/54_3/ftp_v543p190.zip TCPware V5.5 SMTP_V562P010 http://vms.process.com/ftp/support/56_2/smtp_v562p010.zip FTP_V562P020 http://vms.process.com/ftp/support/56_2/ftp_v562p020.zip TCPware V5.6 SMTP_V562P010 http://vms.process.com/ftp/support/56_2/smtp_v562p010.zip FTP_V562P020 http://vms.process.com/ftp/support/56_2/ftp_v562p020.zip Hunter ------ Hunter Goatley, Process Software, http://www.process.com/ http://www.goatley.com/hunter/ New Robert McCammon novel and site: http://www.RobertRMcCammon.com/ ================================================================================ Archive-Date: Mon, 2 Dec 2002 13:54:10 -0400 Date: Mon, 02 Dec 2002 13:31:16 -0500 From: Peter Weaver Subject: Re: Mandatory security update for TCPware To: info-tcpware@process.com Reply-To: Info-TCPware@process.com Message-ID: Hunter Goatley wrote: >... > TCPware V5.5 > SMTP_V562P010 > http://vms.process.com/ftp/support/56_2/smtp_v562p010.zip > FTP_V562P020 > http://vms.process.com/ftp/support/56_2/ftp_v562p020.zip > > TCPware V5.6 > SMTP_V562P010 > http://vms.process.com/ftp/support/56_2/smtp_v562p010.zip > FTP_V562P020 > http://vms.process.com/ftp/support/56_2/ftp_v562p020.zip >... Are the 5.5 and 5.6 kits really the same .ZIP? Or was that a typo? -- Peter Weaver Opinions are my own, and do not reflect the opinions of my employer, nor the company that it sub-contracts to, nor the company that it sub-contracts to. ================================================================================ Archive-Date: Mon, 2 Dec 2002 13:59:59 -0400 Date: Mon, 02 Dec 2002 13:58:06 -0500 From: Lisa Fuellemann Reply-To: Info-TCPware@process.com Subject: RE: Mandatory security update for TCPware To: "'info-tcpware@process.com'" Message-ID: <63D30D6E10CFD11190A90000F805FE8604239214@lespaul.process.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 > Hunter Goatley wrote: > >... > > TCPware V5.5 > > SMTP_V562P010 > > http://vms.process.com/ftp/support/56_2/smtp_v562p010.zip > > FTP_V562P020 > > http://vms.process.com/ftp/support/56_2/ftp_v562p020.zip > > > > TCPware V5.6 > > SMTP_V562P010 > > http://vms.process.com/ftp/support/56_2/smtp_v562p010.zip > > FTP_V562P020 > > http://vms.process.com/ftp/support/56_2/ftp_v562p020.zip > >... > > Are the 5.5 and 5.6 kits really the same .ZIP? Or was that a typo? Yes, they really are the same. Both SMTP_V562P010 and FTP_V562P020 apply to TCPware 5.6 and 5.5. That's not a typo. --Lisa ----------------------------- Lisa D. Fuellemann Quality Assurance Engineer Process Software, LLC Email: fuellemann@process.com ================================================================================ Archive-Date: Tue, 3 Dec 2002 11:28:44 -0400 Date: Tue, 03 Dec 2002 11:23:57 -0500 From: Chris Moore Subject: Re: Timezone-change observations To: info-tcpware@process.com Reply-To: Info-TCPware@process.com Message-ID: Simple......but pretty much presumes that nothing else in TCPWARE_CONFIGURE changes in the 6-month period.......wouldn't THAT be nice? "Bob Ceculski" wrote in message news:d7791aa1.0210271934.10a3b4fc@posting.google.com... peter@langstoeger.at (Peter LANGSTOEGER) wrote in message news:... > Because summertime ended today, I thought I share my observations. > > 1) Local Time (SHOW TIME) was correct on VAX and Alpha !! > I'm running VMS V7.3 and TCPware V5.6-2 > but no longer DECdts (which made perfect timezone changes for years !) > why are you doing it the hard way? all you have to do is set up 2 tcpware_configure.com files, for me it was tcpware_configure.com_edt and tcpware_configure.com_est a dcl command procedure can be written to run once in the spring and once in the fall on the appropriate date and time at 2am and swap in the correct tcpware configure com file and do a simple $ @restart isn't this simple? ================================================================================ Archive-Date: Wed, 11 Dec 2002 14:44:52 -0400 Date: Wed, 11 Dec 2002 12:42:20 -0700 From: Dan O'Reilly Reply-To: Info-TCPware@process.com Subject: SSH Security Advisory To: info-tcpware@process.com Message-ID: <5.1.0.14.2.20021211124130.00b4f818@raptor.psccos.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed The following security advisory has been issued by F-Secure: "F-Secure SSH Server vulnerability: User login name can be faked on SSH server. Date: Nov 25, 2002 Description: This vulnerability allows those users who have valid user account to fake their login name in ssh server. By doing this they may send misleading messages to syslog and other applications. No root exploits are known at this time." Please be advised that TCPware's SSH is not affected by this security advisory. ------ +-------------------------------+----------------------------------------+ | Dan O'Reilly | "There are 10 types of people in this | | Principal Engineer | world: those who understand binary | | Process Software | and those who don't." | | http://www.process.com | | +-------------------------------+----------------------------------------+ ================================================================================ Archive-Date: Fri, 13 Dec 2002 19:10:00 -0400 Date: Fri, 13 Dec 2002 19:09:34 -0400 From: goathunter@process.com Reply-To: Info-TCPware@process.com Subject: TCPware ECO kit available: NAMED_V562P010 To: tcpware-announce@process.com Message-ID: <00A18663.A2B8F136.30@triton.process.com> TCPware ECO kit announcement The following ECO kit is now available for TCPware: ECO: NAMED_V562P010 Description: Fixes for various CERT advisories Release date: 13-DEC-2002 Ranking: 1 Max ranking: 1 Versions: 5.6-2,5.5-3,5.4-3 ftp://ftp.process.com/support/56_2/named_v562p010.zip To search the TCPware ECO database, please visit the following URL: http://vms.process.com/eco.html For more information, contact Process Software via: E-mail: support@process.com Phone: 1-800-394-8700 The ECO kit README contents are below. ----------------------------------------------------------- ------------------------------------------------------------------------------ TCPware_NAMED Patch kit (revision 1.0) for TCPware version 5.6-2 02-Dec-2002 Copyright (c) 1999-2000, by Process Software Corporation Copyright (c) 2000-2002, by Process Software LLC Overall ECO Rank: 1 Version 1.0 Rank: 1 Applicable TCPware and VMS versions: TCPware 5.4, 5.5, 5.6 on all supported VAX/VMS and AXP/VMS systems This VMSinstallable saveset provides a new version of NameD and NameD-Xfer for TCPware for OpenVMS. NameD must be restarted after installation of this patch. The following change[s] has been made: NAMED_V562P010: - ECO Rank 1 -------------- - Corrects various issues outlined in recent CERT advisories. This kit also contains the following changes for TCPware 5.4-3: NAMED_V543P033: -------------- - a timing issue has been corrected. With the right timing, the nameserver could hang intermittently. (D/E 5675) - BIND Version 8 had removed a feature called "sortlist" that was present in BIND Version 4. A side effect of this feature was that queries from a source on the same subnet as one of the servers interfaces could result in a response with a fixed order. If the server found any of the A records in the answer to be in the same subnet as the common subnet between the client and the server, the server would place that A record first in the answer. This default part of the feature has been added back with this kit. To enable the feature, you must define the system exec logical "TCPWARE_NAMED_PREFER_LOCAL_ADDR" and restart your Nameserver. When BIND 8.2 is released for TCPware, this logical will no longer provide this feature, and you will need to add the following statements to the options {}; section of your NAMED.CONF File to gain the results: sortlist { { localhost; localnets; }; { localnets; }; }; (D/E 5579) - Secondary servers no longer create a new version of the backup zone file when it transfers the zone, it now replaces the old file with the new file. Customers are encouraged to check the directories where their backup zone files are stored, and purge the excess if desired. (D/E 5206) NAMED_V543P020 -------------- IP AddressWorks related changes: Improved handling of errors trying to communicate with the Server Manager. NAMED_V543P010 -------------- A problem where the nameserver would hang indefinately if reloaded has been fixed. This occurred when the server was done sending the data for a zone transfer, but the client requesting the zone transfer had not yet closed its end of the connection. System managers experiencing this problem may notice lingering TCP connections to the domain port on the system in FIN-WAIT-2 state. If this is a problem it is recommended the system manager take steps to disallow that remote system from doing zone transfers [see the documentation on the allow-transfers statement in the NameD configuration]. The old version of TCPWARE:NAMED.EXE will be renamed to TCPWARE:NAMED.EXE_OLD The old version of TCPWARE:NAMED-XFER.EXE will be renamed to TCPWARE:NAMED-XFER.EXE_OLD To restart NameD after install, use: @TCPWARE:RESTART DNS Once installed, you may undo this patch by renaming the files back to TCPWARE:NAMED.EXE and TCPWARE:NAMED-XFER.EXE. [End of ECO announcement] ================================================================================ Archive-Date: Tue, 17 Dec 2002 14:12:27 -0400 Date: Tue, 17 Dec 2002 12:08:12 -0700 From: Dan O'Reilly Reply-To: Info-TCPware@process.com Subject: SSH CERT Advisory CA-2002-36 To: info-tcpware@process.com Message-ID: <5.1.0.14.2.20021217120736.05575680@raptor.psccos.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed The following advisory has been issued by CERT: CERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations Original issue date: December 16, 2002 Last revised: -- Source: CERT/CC Overview Multiple vendors' implementations of the secure shell (SSH) transport layer protocol contain vulnerabilities that could allow a remote attacker to execute arbitrary code with the privileges of the SSH process or cause a denial of service. The vulnerabilities affect SSH clients and servers, and they occur before user authentication takes place. We are studying this advisory to determine its impact upon the TCPware SSH components. At this time, we have no further information on this advisory. However, we do not believe there is any possibility of being able to execute arbitrary code via the TCPware SSH server; that is typically an impact to UNIX systems. It is possible that the server may be vulnerable to a denial-of-service attack manifested by a server ACCVIO, but there should be no security risk to the server system. We will provide further information as it becomes available. ------ +-------------------------------+----------------------------------------+ | Dan O'Reilly | "There are 10 types of people in this | | Principal Engineer | world: those who understand binary | | Process Software | and those who don't." | | http://www.process.com | | +-------------------------------+----------------------------------------+