A security vulnerability has been found in the Veritas Enterprise Administrator (VEA) software package, bundled with HP's HP-UX operating system, that allows malicious users to launch denial-of-service attacks and execute arbitrary code.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02962262
Version: 1
HPSBUX02700 SSRT100506 rev.1 - HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-08-24
Last Updated: 2011-08-24
Potential Security Impact: Remote Denial of Service (DoS), execution of arbitrary code.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in HP-UX running the Veritas Enterprise Administrator (VEA), which comes bundled with VxVM. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or execute arbitrary code.
References: CVE-2011-0546, ZDI-CAN-1110, ZDI-CAN-1111
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, HP-UX B.11.23, and HP-UX B.11.31
BACKGROUND
For a PGP signed version of this security bulletin please write to: [e-mail address hidden by the source page's spam protection]
CVSS 2.0 Base Metrics
Reference        Base Vector                    Base Score
CVE-2011-0546    (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
The Hewlett-Packard Company thanks Luigi Auriemma for working with TippingPoint