HP has issued a security patch to plug “highly critical” holes in its HP Tru64 Unix operating system with a warning that a successful exploit could lead to system takeover.
The company did not provide details of the vulnerabilities, which are caused due to unspecified errors within the certificate handling of IPsec/IKE. IPSec
Products affected by the security vulnerabilities include the HP Tru64 UNIX 5.1B PK2(BL22) and PK3(BL24) and the HP Tru64 UNIX 5.1A PK6(BL24).
Research firm Secunia, which rates the flaws as “highly critical,” says malicious hackers can take control of vulnerable systems remotely.
HP repair kits have been posted online here and here.