From: Hunter Goatley [goathunter@goatley.com] Sent: Monday, December 02, 2002 12:58 PM Subject: Mandatory security update for TCPware Mandatory Patch for TCPware December 2, 2002 A potential security vulnerability has been discovered in TCPware that could allow a malicious user to execute arbitrary DCL commands with elevated system privileges. This vulnerability affects TCPware 5.4 through 5.6. New ECOs are available for the SMTP and FTP components. Process Software is not aware of any cases in which this vulnerability has been exploited. However, we strongly recommend installing the appropriate ECO or patch kit to eliminate the vulnerability. Note: This security vulnerability may occur in prior versions of TCPware. Process Software strongly recommends you upgrade. We apologize for any inconvenience this may cause you. If you have trouble accessing these patches, please contact customer support at (800) 394-8700 or (508) 628-5074. For convenient links to download the ECOs below, please visit: http://www.process.com/mandatorypatch.html or visit the TCPware ECO page: http://vms.process.com/eco.html TCPware V5.4 SMTP_V543P090 http://vms.process.com/ftp/support/54_3/smtp_v543p090.zip FTP_V543P190 http://vms.process.com/ftp/support/54_3/ftp_v543p190.zip TCPware V5.5 SMTP_V562P010 http://vms.process.com/ftp/support/56_2/smtp_v562p010.zip FTP_V562P020 http://vms.process.com/ftp/support/56_2/ftp_v562p020.zip TCPware V5.6 SMTP_V562P010 http://vms.process.com/ftp/support/56_2/smtp_v562p010.zip FTP_V562P020 http://vms.process.com/ftp/support/56_2/ftp_v562p020.zip ------ Hunter Goatley, Process Software, http://www.process.com/ http://www.goatley.com/hunter/