Re: [Networker] NetWorker 7.x.x Security Vulnerability in nsrexecd

In regard to: [Networker] NetWorker 7.x.x Security Vulnerability in...:

yesterday I got an ETA (EMC Technical Advisory) obout a security
vulnerability in nsrexecd 7.2.2. For the problem resolution there was
the following link
ftp.legato.com/pub/NetWorker/Updates/LGTsc02250/7.2.2_jumbo.


Except that there still aren't updated binaries for some of the platforms
(e.g. linux86).

I also think it's pretty bad that

 - they don't specifically say in the readme or security announcement that
   this problem affects the client component of the software, so it needs
   to be applied to all your clients.

 - the dates on most of the directories are June 1st, meaning that they've
   known about this issue for well over two months and we're just learning
   about it now.

So far so good.
What sets me up is the absurd denotation of the platforms the fixes are
used for.
So what the heck is hp11n or hp11w?


I'm pretty sure that HP started that.  n == narrow, i.e. 32 bit.  w ==
wide, i.e. 64 bit.  Someone at EMC just seems to be following HP's
nomenclature.  I've never seen it applied to Solaris before, but they
seem to be doing the same thing there and elsewhere.

Tim
--
Tim Mooney                                        Tim.Mooney AT ndsu DOT edu
Information Technology Services                   (701) 231-1076 (Voice)
Room 242-J6, IACC Building                        (701) 231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

To sign off this list, send email to listserv AT listserv.temple DOT edu and type 
"signoff networker" in the body of the email. Please write to networker-request 
AT listserv.temple DOT edu if you have any problems with this list. You can access the 
archives at http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER