Cisco Headend System Release 2.7 技术参考
Operations Alert Bulletin
Recommended Patch for All DBDS
Platforms Using Solaris 10
Recommended Patch for All DBDS
Platforms Using Solaris 10
Background
Cisco engineers have discovered that Solaris 10 has a security vulnerability in the
telnet daemon in.telnetd. This security vulnerability allows users to obtain root
access to Cisco's Digital Broadband Delivery System (DBDS) platform through
telnet—without the need for the root password. If this vulnerability is not corrected,
users can access root or any other user ID without a password.
telnet daemon in.telnetd. This security vulnerability allows users to obtain root
access to Cisco's Digital Broadband Delivery System (DBDS) platform through
telnet—without the need for the root password. If this vulnerability is not corrected,
users can access root or any other user ID without a password.
All DBDS system operators running System Release (SR) versions 2.7/3.7 or SR 4.2
are affected by this vulnerability.
are affected by this vulnerability.
The engineering team has developed software patch 4.2.0.5p1 to remedy this
security issue. Change request (CR) 67457 addresses this security issue.
security issue. Change request (CR) 67457 addresses this security issue.
Cisco has made this security patch available, through a compressed file, on the Cisco
FTP server. Because this patch can be installed without a need for a system reboot,
Cisco urges system operators to install this patch immediately.
FTP server. Because this patch can be installed without a need for a system reboot,
Cisco urges system operators to install this patch immediately.
For additional background information, see Sun Microsystems' Support Web page
(reference Sun Alert 102802-1).
(reference Sun Alert 102802-1).
Requirement
All system operators running Solaris 10 must install software patch 4.2.0.5p1. This
impacts systems running SR 2.7/3.7 and SR 4.2.
impacts systems running SR 2.7/3.7 and SR 4.2.
Recommendation
Cisco urges all system operators running SR 2.7/3.7 or SR 4.2 to obtain and install
patch 4.2.0.5p1 immediately on their DNCS, Application Server, and RNCS, if the
site is equipped with an RNCS.
patch 4.2.0.5p1 immediately on their DNCS, Application Server, and RNCS, if the
site is equipped with an RNCS.
Important! This patch can be installed without the need for a system reboot.