Multiple security vulnerabilities have been identified in the HP Data Protector software package. Malicious users can exploit them to execute arbitrary code.
Package:
HP Data Protector 6.x, HP Data Protector 7.x
Operating systems:
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows 7
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03054543
Version: 1
HPSBMP02713 SSRT100651 rev.1 - HP Data Protector Notebook Extension, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-10-17
Last Updated: 2011-10-17
Potential Security Impact: Remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Data Protector Notebook Extension. These vulnerabilities could be remotely exploited to allow execution of arbitrary code.
References: CVE-2011-3156 (ZDI-CAN-1222), CVE-2011-3157 (ZDI-CAN-1225), CVE-2011-3158 (ZDI-CAN-1226), CVE-2011-3159 (ZDI-CAN-1227), CVE-2011-3160 (ZDI-CAN-1228), CVE-2011-3161 (ZDI-CAN-1229), CVE-2011-3162 (ZDI-CAN-1296).
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Data Protector Notebook Extension version 6.20, running on Windows platform (2000, 2003, XP, 2008, Vista, Win7).
HP Data Protector for Personal Computers version 7.0, running on Windows platform (2000, 2003, XP, 2008, Vista, Win7).
BACKGROUND
For a PGP signed version of this security bulletin please write to: [e-mail address hidden by the site's spambot protection; JavaScript is required to view it]
CVSS 2.0 Base Metrics
Reference        Base Vector                     Base Score
CVE-2011-3156    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10
CVE-2011-3157    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10
CVE-2011-3158    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10
CVE-2011-3159    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10
CVE-2011-3160    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10
CVE-2011-3161    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10
CVE-2011-3162    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
The Hewlett-Packard Company thanks Andrea Micalizzi aka rgod for working along with TippingPoint