=======================================================================
Hewlett-Packard DECnet/OSI MUP Cover Letter
=======================================================================
MUP NUMBER: VAX_DNVOSIMUP01-V0703
PRODUCT: DECnet/OSI V7.3 for OpenVMS VAX
UPDATE PRODUCT: DECnet/OSI V7.3 for OpenVMS VAX
1 KIT NAME:
VAX_DNVOSIMUP01-V0703
2 KIT DESCRIPTION:
2.1 Installation Rating:
INSTALL_2: To be installed by all customers using the
following feature(s):
- DECnet-Plus V7.3
This installation rating, based upon current CLD information, is
provided to serve as a guide to which customers should apply this
remedial kit. (Reference attached Disclaimer of Warranty and
Limitation of Liability Statement)
2.2 Reboot Requirement:
Reboot Required.
HP strongly recommends that a reboot is performed immediately after
kit installation to avoid system instability. If you have other
nodes in your OpenVMS cluster, they must also be rebooted in order
to make use of the new image(s). If it is not possible or
convenient to reboot the entire cluster at this time, a rolling
re-boot may be performed.
2.3 Version(s) of DECnet-Plus VAX to which this kit may be
applied:
DECnet-Plus V7.3
2.4 New functionality or new hardware support provided:
No.
3 KITS SUPERSEDED BY THIS KIT:
- None.
�
Page 2
4 KIT DEPENDENCIES:
4.1 The following kit must be installed BEFORE installation of
this kit
- DECNET_OSI-V0703
4.2 In order to receive all the corrections listed in this kit,
the following remedial kits, or later, should also be
installed:
- VAXVMSMUP01_073.A
5 FILES PATCHED OR REPLACED:
o [SYSEXE]CTF$UI.EXE (new image)
Image Identification Information
image name: "CTF$MESSAGES"
image file identification: "V7.3 ECO04"
ink date/time: 21-NOV-2004 20:42:21.58
linker identification: "V11-38"
image checksum: 115753706
o CTF$MESSAGES.EXE (new image)
Image Identification Information
image name: "CTF$UI"
image file identification: "V7.3 ECO04"
link date/time: 21-NOV-2004 20:42:28.63
linker identification: "V11-38"
image checksum: 646690031
o [SYSHLP]CTF$HELP.HLB (new file)
o [SYSMGR]CTF$STARTUP.COM (new file)
6 NEW FUNCTIONALITY AND/OR PROBLEMS ADDRESSED IN THE
VAX_DNVOSIMUP01-V73 KIT
�
Page 3
6.1 New functionality addressed in this kit
None.
6.2 Problems addressed in this kit
6.2.1 Potential security vulnerability
6.2.1.1 Problem Description:
HP has determined that systems running OpenVMS VAX or
Alpha Version V7.* or V6.* have a potential security
vulnerability. This vulnerability could be exploited
allowing for an unintended privileged access to data and
system resources. To protect against this potential
security risk, HP is making a mandatory update patch
available for OpenVMS customers. This patch is provided
by installing this VAX_DNVOSIMUP01-V63 kit and the
VAXVMSMUP01_073 kit. To fully install this Security MUP,
DECnet Phase V customers must install both of these kits.
Note that OpenVMS V8.2 and VAX Version 5.* customers are
not subject to this potential security vulnerability.
Images Affected:
- [SYSEXE]CTF$UI.EXE
- CTF$MESSAGES.EXE
- [SYSHLP]CTF$HELP.HLB
- [SYSMGR]CTF$STARTUP.COM
6.2.1.2 CLDs, and QARs reporting this problem:
6.2.1.2.1 CLD(s)
None.
6.2.1.2.2 QAR(s)
None.
6.2.1.3 Problem Analysis:
See Problem Description
�
Page 4
6.2.1.4 ECO Version of DECnet-Plus that will contain
this change:
DECnet-Plus V7.3 ECO5
6.2.1.5 Work-arounds:
None.
7 INSTALLATION INSTRUCTIONS
7.1 Compressed File
This kit is provided as a DCX compressed kit. To expand this file
to the installable PCSI file, run the file with a RUN file_name
command. When the file is run you will see the following output:
$ RUN VAX_DNVOSIMUP01-V73.PCSI-DCX_VAXEXE
FTSV DCX auto-extractible compressed file for OpenVMS (VAX)
FTSV V3.0 -- FTSV$DCX_VAX_AUTO_EXTRACT
Copyright (c) Digital Equipment Corp. 1993
Options: [output_file_specification] [input_file_specification]
The decompressor needs to know the filename to use for the
decompressed file. If you don't specify any, it will use the
original name of the file before it was compressed, and
create it in the current directory. If you specify a
directory name, the file will be created in that directory.
Decompress into (file specification):
If you want the file to be expanded into a different directory,
enter the directory specification. DO NOT enter a new file name.
The expanded file must retain the original name. The file will
expand into the installable file:
DEC-VAXVMS-DNVOSIMUP01-V0703--4.PCSI
If you want to expand the file via batch, the command file must
contain an answer to the Decompress into "(file specification)"
question, either a <CR> or an alternate directory specification
7.2 Installation Command
Install this kit with the POLYCENTER Software installation utility
by logging into the SYSTEM account, and typing the following at the
DCL prompt:
PRODUCT INSTALL DNVOSIMUP01 [/SOURCE=location of Kit]
The kit location may be a tape drive, CD, or a disk directory that
contains the kit. The /SOURCE qualifier is not needed if the
�
Page 5
PRODUCT INSTALL command is executed from the same directory as the
kit location.
Additional help on installing PCSI kits can be found by typing HELP
PRODUCT INSTALL at the system prompt.
7.3 Scripting of Answers to Installation Questions
During installation, this kit will ask and require user response to
several questions. If you wish to automate the installation of
this kit and avoid having to provide responses to these questions,
you must create a DCL command procedure that includes the following
logical name definitions and commands:
o To avoid the BACKUP question, define the following:
$ DEFINE/SYS NO_ASK$BACKUP TRUE
o To avoid the REBOOT question, define the following:
$ DEFINE/SYS NO_ASK$REBOOT TRUE
o To save replaced files as *.*_OLD define the following logical
name as YES. If you do not wish to save replaced files, define
the logical name as NO.
$ DEFINE/JOB ARCHIVE_OLD NO
o Add the following qualifiers to the PRODUCT INSTALL command and
add that command to the DCL procedure.
/PROD=DEC/BASE=VAXVMS/VER=V7.3
o De-assign the logical names assigned
For example, a sample command file to install the DNVOSIMUP01-V73
kit would be:
$
$ DEFINE/SYS NO_ASK$BACKUP TRUE
$ DEFINE/SYS NO_ASK$REBOOT TRUE
$!
$ PROD INSTALL DNVOSIMUP01/PRODUCER=DEC/BASE=VAXVMS-
/VER=V7.3
$!
$ DEASSIGN/SYS NO_ASK$BACKUP
$ DEASSIGN/SYS NO_ASK$REBOOT
$!
$ exit
�
Page 6
8 COPYRIGHT AND DISCLAIMER:
(C) Copyright 2004 Hewlett-Packard Development Company, L.P.
Confidential computer software. Valid license from HP and/or its
subsidiaries required for possession, use, or copying.
Consistent with FAR 12.211 and 12.212, Commercial Computer
Software, Computer Software Documentation, and Technical Data for
Commercial Items are licensed to the U.S. Government under
vendor's standard commercial license.
Neither HP nor any of its subsidiaries shall be liable for
technical or editorial errors or omissions contained herein. The
information in this document is provided "as is" without warranty
of any kind and is subject to change without notice. The
warranties for HP products are set forth in the express limited
warranty statements accompanying such products. Nothing herein
should be construed as constituting an additional warranty.
DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY
THIS PATCH IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND. ALL
EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,
INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR
PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE
EXTENT PERMITTED BY APPLICABLE LAW. IN NO EVENT WILL HP BE LIABLE
FOR ANY LOST REVENUE OR PROFIT, OR FOR SPECIAL, INDIRECT,
CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND
REGARDLESS OF THE THEORY OF LIABILITY, WITH RESPECT TO ANY PATCH
MADE AVAILABLE HERE OR TO THE USE OF SUCH PATCH.