Patch Name: PHSS_23805 Patch Description: s700_800 11.04 VirtualVault 4.0 remove default xterm auth Creation Date: 01/04/02 Post Date: 01/04/04 Hardware Platforms - OS Releases: s700: 11.04 s800: 11.04 Products: VirtualVault A.04.00 US/Canada Release VirtualVault A.04.00 International Release Filesets: VaultTS.VV-CORE-CMN,fr=A.04.00,fa=HP-UX_B.11.04_32/64,v=HP Automatic Reboot?: No Status: General Release Critical: No Category Tags: defect_repair general_release Path Name: /hp-ux_patches/s700_800/11.X/PHSS_23805 Symptoms: PHSS_23805: The X Terminal User authorization should not be given to all administrative users by default. Defect Description: PHSS_23805: In order to minimize any misunderstanding about whether SSL encryption protection extends to X terminals and other similar non-HTTP protocol services, we should not blindly grant a VirtualVault administrative account the corresponding command authorization. Resolution: The X Terminal User authorization is removed from the list of default authorizations granted to the Vault administrative account created by vaultconfig. A warning is also generated when SSL is enabled and a user requests to start an X Terminal. SR: 8606187897 Patch Files: VaultTS.VV-CORE-CMN,fr=A.04.00,fa=HP-UX_B.11.04_32/64,v=HP: /opt/vaultTS/lib/vaultconfig/config.d/40.config.adminacct /var/opt/vaultTS/inside/vault/bin/sys-xterm /var/opt/vaultTS/inside/vault/loc/C/html/sys-xterm.html what(1) Output: VaultTS.VV-CORE-CMN,fr=A.04.00,fa=HP-UX_B.11.04_32/64,v=HP: /opt/vaultTS/lib/vaultconfig/config.d/40.config.adminacct: $Source: src/misc/vaultconfig/config.d/40.config.adm inacct, vaultTS, vaultTS_4.0 $ $Date: 01/04/02 09:51:16 $ $Revision: 1.7.1.9 PATCH_11.04 PHSS_23805 $ /var/opt/vaultTS/inside/vault/bin/sys-xterm: $Revision: 1.31.1.2 PATCH_11.04 PHSS_23805 $ $Date: 01/04/02 09:40:37 $ $Source: src/admin/cgi/sysadmin/sys-xterm.c, vaultTS , vaultTS_4.0 $ $Revision: 1.55.1.3 PATCH_11.04 PHSS_23740 $ $Date: 01/04/02 15:51:52 $ $Source: src/admin/cgi/account/acc-util.c, vaultTS, vaultTS_4.0 $ src/lib/vvcertutil/certutil.c, vaultTS, vaultTS_4.0, PHSS_21259 1.9 08/14/98 src/lib/vvcertutil/b64dec.c, vaultTS, vaultTS_4.0, P HSS_21259 1.1 06/07/97 /var/opt/vaultTS/inside/vault/loc/C/html/sys-xterm.html: $Source: src/admin/html/sysadmin/sys-xterm.html, vau ltTS, vaultTS_4.0 $ -- $Date: 01/04/02 09:46:22 $ -- $Revision: 1.19 PATCH_11.04 PHSS_23805 $ -- cksum(1) Output: VaultTS.VV-CORE-CMN,fr=A.04.00,fa=HP-UX_B.11.04_32/64,v=HP: 59339907 6397 /opt/vaultTS/lib/vaultconfig/config.d/ 40.config.adminacct 3391503071 90335 /var/opt/vaultTS/inside/vault/bin/sys-xterm 1545144356 3903 /var/opt/vaultTS/inside/vault/loc/C/html/ sys-xterm.html Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: None Equivalent Patches: None Patch Package Size: 130 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHSS_23805 5. Run swinstall to install the patch: swinstall -x autoreboot=true -x patch_match_target=true \ -s /tmp/PHSS_23805.depot By default swinstall will archive the original software in /var/adm/sw/save/PHSS_23805. If you do not wish to retain a copy of the original software, use the patch_save_files option: swinstall -x autoreboot=true -x patch_match_target=true \ -x patch_save_files=false -s /tmp/PHSS_23805.depot WARNING: If patch_save_files is false when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. For future reference, the contents of the PHSS_23805.text file is available in the product readme: swlist -l product -a readme -d @ /tmp/PHSS_23805.depot To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHSS_23805.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: This patch installs the actual code required to implement the changes described herein. Please also obtain and install patch PHSS_23806 in order to update the electronic version of the VirtualVault Administrator's Guide to include a warning about the lack of encryption protection afforded to xterms by the SSL wrapper for the HTTP protocol.