Patch Name: PHSS_24528 Patch Description: s700_800 11.04 VirtualVault 4.5 remove default xterm auth Creation Date: 01/09/03 Post Date: 01/09/24 Hardware Platforms - OS Releases: s700: 11.04 s800: 11.04 Products: VirtualVault A.04.50 Filesets: VaultTS.VV-CORE-CMN,fr=A.04.50,fa=HP-UX_B.11.04_32/64,v=HP Automatic Reboot?: No Status: General Release Critical: No Category Tags: defect_repair general_release Path Name: /hp-ux_patches/s700_800/11.X/PHSS_24528 Symptoms: PHSS_24528: The X Terminal User authorization should not be given to all administrative users by default. Defect Description: PHSS_24528: In order to minimize any misunderstanding about whether SSL encryption protection extends to X terminals and other similar non-HTTP protocol services, we should not blindly grant a VirtualVault administrative account the corresponding command authorization. Resolution: The X Terminal User authorization is removed from the list of default authorizations granted to the Vault administrative account created by vaultconfig. A warning is also generated when SSL is enabled and a user requests to start an X Terminal. SR: 8606187897 Patch Files: VaultTS.VV-CORE-CMN,fr=A.04.50,fa=HP-UX_B.11.04_32/64,v=HP: /opt/vaultTS/lib/vaultconfig/config.d/40.config.adminacct /var/opt/vaultTS/inside/vault/bin/sys-xterm /var/opt/vaultTS/inside/vault/loc/C/html/sys-xterm.html what(1) Output: VaultTS.VV-CORE-CMN,fr=A.04.50,fa=HP-UX_B.11.04_32/64,v=HP: /opt/vaultTS/lib/vaultconfig/config.d/40.config.adminacct: $Source:src/misc/vaultconfig/config.d/40.config.admi nacct, vaultTS, vaultTS_4.5$ $Date:01/07/02 01:23:34$ $Revision:1.7.2.3 PATCH_11.04(PHSS _24528)$ /var/opt/vaultTS/inside/vault/bin/sys-xterm: $Source:src/admin/cgi/sysadmin/sys-xterm/sys-xterm.c , vaultTS, vaultTS_4.5$ $Date:01/07/02 01:11 :36$ $Revision:1.40 PATCH_11.04(PHSS_24528)$ /var/opt/vaultTS/inside/vault/loc/C/html/sys-xterm.html: $Source:src/admin/html/sysadmin/sys-xterm.html, vaul tTS, vaultTS_4.5$ $Date:01/09/03 00:45:52$ $ Revision:1.18.1.3 PATCH_11.04(PHSS_24528)$ - - cksum(1) Output: VaultTS.VV-CORE-CMN,fr=A.04.50,fa=HP-UX_B.11.04_32/64,v=HP: 2114311508 6382 /opt/vaultTS/lib/vaultconfig/config.d/ 40.config.adminacct 1270013781 45176 /var/opt/vaultTS/inside/vault/bin/sys-xterm 1786788128 3782 /var/opt/vaultTS/inside/vault/loc/C/html/ sys-xterm.html Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: None Equivalent Patches: None Patch Package Size: 80 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHSS_24528 5. Run swinstall to install the patch: swinstall -x autoreboot=true -x patch_match_target=true \ -s /tmp/PHSS_24528.depot By default swinstall will archive the original software in /var/adm/sw/save/PHSS_24528. If you do not wish to retain a copy of the original software, use the patch_save_files option: swinstall -x autoreboot=true -x patch_match_target=true \ -x patch_save_files=false -s /tmp/PHSS_24528.depot WARNING: If patch_save_files is false when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. For future reference, the contents of the PHSS_24528.text file is available in the product readme: swlist -l product -a readme -d @ /tmp/PHSS_24528.depot To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHSS_24528.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: This patch installs the actual code required to implement the changes described herein. Please also obtain and install patch PHSS_24529 or its successor in order to update the electronic version of the VirtualVault Administrator's Guide to include a warning about the lack of encryption protection afforded to xterms by the SSL wrapper for the HTTP protocol.