U radu programskog paketa HP OpenView Storage Data Protector uočen je programski nedostatak koji zlonamjernim korisnicima omogućuje izvršavanje proizvoljnog programskog koda.
Paket:
HP OpenView Storage Data Protector 6.x
Operacijski sustavi:
HP-UX 10.x, HP-UX 11.x, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Sun Solaris 8, Sun Solaris 9, Sun Solaris 10, SUSE Linux Enterprise Server (SLES) 10
Kritičnost:
9.3
Problem:
nespecificirana pogreška
Iskorištavanje:
lokalno
Posljedica:
proizvoljno izvršavanje programskog koda
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-1864
Izvorni ID preporuke:
SA44884
Izvor:
Secunia
Problem:
Uočeni nedostatak posljedica je nespecificirane pogreške.
Posljedica:
Lokalni, zlonamjerni korisnici mogu iskoristiti nedostatak za pokretanje proizvoljnog programskog koda.
Rješenje:
Objavljena su rješenja koja ispravljaju problem te se svim korisnicima savjetuje njihova primjena.
HP OpenView Storage Data Protector Unspecified Code Execution Vulnerability
Secunia Advisory SA44884
Release Date 2011-06-09
Criticality level Moderately criticalModerately critical
Impact System access
Where From local network
Authentication level Available in Customer Area
Report reliability Available in Customer Area
Solution Status Vendor Patch
Systems affected Available in Customer Area
Approve distribution Available in Customer Area
Software:
HP OpenView Storage Data Protector 6.x
Secunia CVSS Score Available in Customer Area
CVE Reference(s) CVE-2011-1864 CVSS available in Customer Area
Description
A vulnerability has been reported in HP OpenView Storage Data Protector, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an unspecified error. No further information is currently available.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in versions 6.0, 6.10, and 6.11 running on HP-UX, Solaris, Linux and Windows.
Solution
Apply patches (please see the vendor's advisory for details).
Provided and/or discovered by
Reported by the vendor.
Original Advisory
HPSBMA02631 SSRT100324:
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02712867
Posljednje sigurnosne preporuke