Uočena je i ispravljena ranjivost vezana uz HP-UX Containers, ranije poznat kao HP-UX Secure Resource Partitions (SRP) koja napadaču omogućuje neovlašten pristup i povećanje ovlasti.
Paket:
HP-UX Containers (SRP) 3.x
Operacijski sustavi:
HP-UX 10.x, HP-UX 11.x
Problem:
nepoznat
Iskorištavanje:
lokalno/udaljeno
Posljedica:
dobivanje većih privilegija, neovlašteni pristup sustavu
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-3164
Izvorni ID preporuke:
HPSBUX02715
Izvor:
Hewlett Packard
Problem:
Uzrok problema je nespecificirana ranjivost.
Posljedica:
Napadaču nedostatak omogućuje neovlašten pristup ranjivom sustavu i povećanje ovlasti.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03057703
Version: 2
HPSBUX02715 SSRT100623 rev.2 - HP-UX Containers (SRP), Local Unauthorized Access and Increased Privileges
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-10-26
Last Updated: 2011-10-27
Potential Security Impact: Local unauthorized access.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential vulnerability has been identified in HP-UX Containers, formerly HP-UX Secure Resource Partitions (SRP), when used in conjunction with patch PHKL_42310. The vulnerability could lead to a local unauthorized access and increased privileges.
References: CVE-2011-3164
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.31 (11i v3) Secure Resource Partitions (SRP) A.03.00, A.03.00.002 and A.03.01.
BACKGROUND
For a PGP signed version of this security bulletin please write to: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
CVSS 2.0 Base Metrics
Reference
Base Vector
Base Score
CVE-2011-3164
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
6.8
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has provided the following upgrade to resolve this vulnerability. The upgrade is to provide support for the deployment of Rational Clearcase on a system with HP-UX Containers.
The upgrade can be retrieved from
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HP-UX-SRP
HP-UX Containers (SRP)
Solution
A.03.00, A.03.00.002, and A.03.01
Upgrade to HP-UX Containers A.03.01.001
As an alternative to installing the upgrade, remove patch PHKL_42310. Note that removal of PHKL_42310 will reintroduce a known issue affecting the Rational Clearcase product. Removal of PHKL_42310 will also reintroduce a critical patch warning for patches PHKL_41156 and PHKL_41421. See documentation on PHKL_42310, PHKL_41156 and PHKL_41421 for further details.
MANUAL ACTIONS: Yes - Update
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.31
=============
SRP.SRP-KERNEL
action: install revision A.03.01.001 or subsequent
END AFFECTED VERSIONS
HISTORY
Version: 1 (rev.1) - 26 October 2011 Initial release
Version: 2 (rev.2) - 27 October 2011 Corrected SWA directive
Posljednje sigurnosne preporuke