Izdana je revizija sigurnosnog upozorenja vezana uz određene modele HP Color LaserJet pisača. Prvotna je preporuka objavljena 18. studenog 2009. godine s oznakom HPSBPI02472. Propuste koji se opisuju u izvornoj preporuci udaljeni napadači su mogli iskoristiti za neovlašteni pristup sustavu i izvođenje napada uskraćivanja usluge.
Paket:
HP Color LaserJet CM3530 MFP, HP Color LaserJet CP3525 Printer
Operacijski sustavi:
HP-UX 10.x, HP-UX 11.x
Kritičnost:
7.4
Problem:
nespecificirana pogreška
Iskorištavanje:
udaljeno
Posljedica:
neovlašteni pristup sustavu, uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2009-3842
Izvorni ID preporuke:
HPSBPI02472
Izvor:
Hewlett Packard
Problem:
Uzrok propusta je nespecificirana pogreška. Revizija je izdana zbog ispravaka vezanih uz ranjive modele uređaja.
Posljedica:
Propust mogu iskoristiti napadači kako bi ostvarili neovlašeni pristup sustavu i izveli DoS napad.
Rješenje:
Korisnicima koji to još nisu učinili preporuča se primjena odgovarajućih zakrpi.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01886100
Version: 3
HPSBPI02472 SSRT090196 rev.3 - Certain HP Color LaserJet Printers, Remote Unauthorized Access to Data, Denial of Service
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-11-18
Last Updated: 2011-06-20
Potential Security Impact: Remote unauthorized access to data, Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with certain HP Color LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to data or to create a Denial of Service (DoS).
References: CVE-2009-3842
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Color LaserJet CM3530 Multifunction Printer (MFP) with firmware 53.021.2 (earlier versions are not vulnerable)
HP Color LaserJet CP3525 Printer with firmware 05.058.4 (earlier versions are not vulnerable)
BACKGROUND
For a PGP signed version of this security bulletin please write to: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
CVSS 2.0 Base Metrics
Reference
Base Vector
Base Score
CVE-2009-3842
(AV:N/AC:L/Au:N/C:P/I:P/A:C)
9.0
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has provided firmware updates to resolve this vulnerability. The firmware updates are available from http://www.hp.com
Product
Resolved in Firmware Version
HP Color LaserJet CM3530 MFP
53.031.4 or subsequent
HP Color LaserJet CP3525 Printer
05.059.3 or subsequent
Note: Each firmware update has instructions for finding the firmware version installed on the product.
To Locate the Firmware Update
Browse to http://www.hp.com and do the following:
1. Select "Support & Drivers"
In Step 1 select "Download drivers and software (and firmware)"
In Step 2 enter one of the following:
HP Color LaserJet CM3530 Multifunction Printer
HP Color LaserJet CP3525 Printer
Click on "Go"
Click on the desired product if necessary
Click on the desired operating system
Click on "Firmware"
PRODUCT SPECIFIC INFORMATION
None
HISTORY
Version:1 (rev.1) - 18 November 2009 Initial release
Version:2 (rev.2) - 10 December 2009 Corrected product versions in SUPPORTED SOFTWARE VERSIONS section
Version:3 (rev.3) - 20 June 2011 Corrected model number
Posljednje sigurnosne preporuke