SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02904002
Version: 1
HPSBUX02688 SSRT100513 rev.1 - HP-UX Dynamic Loader, Local Privilege Escalation, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-07-05
Last Updated: 2011-07-05
Potential Security Impact: Local privilege escalation, Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified in HP-UX dynamic loader. The vulnerability could be exploited locally to create a privilege escalation, or a Denial of Service (DoS).
References: CVE-2011-2398
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, HP-UX B.11.23, and HP-UX B.11.31
BACKGROUND
For a PGP signed version of this security bulletin please write to: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
CVSS 2.0 Base Metrics
Reference
Base Vector
Base Score
CVE-2011-2398
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
6.8
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has made the following patches available to resolve this issue.
The patches are available from http://www.hp.com/go/HPSC
OS Release
Patch ID
HP-UX B.11.11
PHSS_42253 or subsequent
HP-UX B.11.23
PHSS_42043 or subsequent
HP-UX B.11.31
PHSS_42040 or subsequent
MANUAL ACTIONS: No
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
=============
OS-Core.C-KRN
OS-Core.C-MIN
OS-Core.CORE-SHLIBS
OS-Core.CMDS-AUX
ProgSupport.PROG-AUX
ProgSupport.PROG-AX-64ALIB
OS-Core.CORE-64SLIB
OS-Core.C-MIN-64ALIB
ProgSupport.C-INC
ProgSupport.LANG-MIN
OS-Core.LINKER-HELP
action: install patch PHSS_42253 or subsequent
HP-UX B.11.23
=============
OS-Core.C-KRN
OS-Core.C-MIN
OS-Core.CMDS2-AUX
OS-Core.CORE2-64SLIB
OS-Core.CORE2-SHLIBS
ProgSupport.C2-INC
ProgSupport.LANG-64ALIB
ProgSupport.LANG-MIN
OS-Core.CORE-SHLIBS
ProgSupport.C2-INC
OS-Core.CMDS2-AUX
ProgSupport.PROG2-AUX
ProgSupport.PROG-AX-64ALIB
OS-Core.CORE-64SLIB
OS-Core.LINKER-HELP
OS-Core.LINKER-PAOBJ
OS-Core.C-MIN-64ALIB
ProgSupport.LANG-MIN
action: install patch PHSS_42043 or subsequent
HP-UX B.11.31
=============
OS-Core.CMDS2-AUX
OS-Core.C-KRN
OS-Core.C-MIN
OS-Core.CMDS2-AUX
OS-Core.CORE2-64SLIB
OS-Core.CORE2-SHLIBS
ProgSupport.C2-INC
ProgSupport.LANG-64ALIB
ProgSupport.LANG-MIN
OS-Core.C-KRN
OS-Core.CORE-SHLIBS
OS-Core.CORE-64SLIB
OS-Core.LINKER-HELP
OS-Core.LINKER-PAOBJ
OS-Core.C-MIN
OS-Core.C-MIN-64ALIB
ProgSupport.PROG2-AUX
ProgSupport.PROG-AX-64ALIB
action: install patch PHSS_42040 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 5 July 2011 Initial release
Posljednje sigurnosne preporuke