Vulnerability

    VirtualVault

Affected

    HP9000 Series 7/800 running only HP-UX 11.04 (VVOS)

Description

    Following  is  based  on  HP  company security advisory.  Programs
    running on the VirtualVault  may receive data inappropriately  via
    an interface configured with  aliased IP addresses.   Unprivileged
    processes may receive remote data unexpectedly.

    HP-UX 11.04 (VVOS) introduced a vulnerability in the network layer
    of the operating system that could allow data to be delivered  via
    a  network  interface  to  unprivileged  processes  if multiple IP
    addresses are assigned to the interface.

Solution

    This problem can be eliminated by installing the following patch:

        HP-UX 11.04 (VVOS):              PHNE_21261

    A  system  reboot  will  be  required.   There is no corresponding
    problem with HP-UX 10.24 (VVOS).