VULHUB ™

A security weakness has been discovered in version B.02.00.00 of the Bastille Hardening System which may result in information disclosure. This issue occurs when Bastille is used in conjunction with the HP-UX operating system and the Sendmail daemon. HP has reported that a security weakness still exists in the sendmail.cf even after Bastille has been used to disable the feature. This issue poses a security threat as it may allow an unauthorized remote attacker to obtain sensitive username and alias information from a target server. As a result a system administrator applying the Bastille system may have a false sense of security as to the confidentiality of system information. It has been confirmed that Bastille available for the Linux operating system is not affected by this issue.

A security weakness has been discovered in version B.02.00.00 of the Bastille Hardening System which may result in information disclosure. This issue occurs when Bastille is used in conjunction with the HP-UX operating system and the Sendmail daemon. HP has reported that a security weakness still exists in the sendmail.cf even after Bastille has been used to disable the feature. This issue poses a security threat as it may allow an unauthorized remote attacker to obtain sensitive username and alias information from a target server. As a result a system administrator applying the Bastille system may have a false sense of security as to the confidentiality of system information. It has been confirmed that Bastille available for the Linux operating system is not affected by this issue.