SOFTPAQ NUMBER: SP21832 PART NUMBER: N/A FILE NAME: SP21832.EXE TITLE: HP Web-Enabled Management Software Security Patch VERSION: 4.x, 5.x LANGUAGE: English CATEGORY: Software Solutions DIVISIONS: Systems PRODUCTS AFFECTED: HP Management Agents Power Management Intelligent Cluster Administrator Version Control Repository Agent Version Control Agent Insight Manager 7 Array Configuration Utility OPERATING SYSTEM: Microsoft Windows NT 4.0, Windows 2000, and Windows .NET SYSTEM CONFIGURATION: N/A PREREQUISITES: N/A EFFECTIVE DATE: August 30, 2002 ELECTRONIC DISTRIBUTION ALLOWED: Yes SOFTPAQ UTILITY VERSION: 4.0 SUPERSEDES: N/A DESCRIPTION: HP web-enabled Management Software running OpenSSL version 0.9.6b are susceptible to potential buffer overflow security vulnerability. A list of the affected management software are listed above. HP strongly recommends that you update your software as soon as possible. This update fixes the potential buffer overflow security vulnerability in HP web-enabled management software.This release is built against OpenSSL version 0.9.6g and contains a fix for the vulnerability. This batch file copies the files needed to fix a potential security issue in HP web-enabled management software. HOW TO USE: Have all the associated files (see file list at the end of this text file) in a single directory on your hard drive. From a DOS command shell change to that drive and directory and type: patchweb patch This will replace the necessary files. Troubleshooting Note: In some circumstances, Windows will not stop a service indicated in this patch. When this occurs, an error message will appear at the end of the patch (on the DOS command shell) that indicates that the service could not be stopped or that a file could not be copied (the error message would say "The process cannot access the file because it is being used by another process"). When this problem occurs, it may be helpful to re-run the patch file again or to use Windows Services to manually stop the service and then re-run the patch. HOW TO RESTORE YOUR ORIGINAL CONFIGURATION: To restore the original versions of the patched files type: patchweb restore FILE LIST: sp21832.txt patchweb.bat findver.exe regtool.exe strexp.exe cpqhmmo1.fre cpqhmmo2.fre Copyright 2002 Compaq Information Technologies Group, L.P.