A security flaw affecting HP StorageWorks X9000 Network Storage Systems has been identified and fixed. The flaw results from inadequate validation of certain input data, specifically an error in the "pam_lsass" library. Successful exploitation of the flaw allows a remote attacker to access user accounts with invalid passwords. For more details, users are referred to the text of the original advisory. Users are advised to apply the workarounds according to the instructions in the original advisory.

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02712670

Version: 1
HPSBST02630 SSRT1000385 rev.1 - HP StorageWorks X9000 Network Storage Systems, Remote Unauthenticated Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2011-02-07

Last Updated: 2011-02-07

Potential Security Impact: Remote unauthenticated access

Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY

A potential security vulnerability has been identified with HP StorageWorks X9000 Network Storage Systems. This vulnerability could be exploited to allow remote unauthenticated access to the accounts with expired passwords.

References: CVE-2010-0833
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP StorageWorks X9000 Network Storage Systems, all 5.4 versions
BACKGROUND

For a PGP signed version of this security bulletin please write to: [e-mail address hidden by page script]
CVSS 2.0 Base Metrics

Reference       Base Vector                     Base Score
CVE-2010-0833   (AV:N/AC:M/Au:N/C:C/I:C/A:C)    9.3

Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION

The vulnerability can be avoided by using the following procedure.

   1. Explicitly disable the local Administrator account.
   2. Explicitly disable any lsassd local-provider accounts that are not in use.

For example, to disable the Administrator account:

$ lw-mod-user --disable-user "MACHINE\Administrator"

where MACHINE is the hostname of the local system.

The following command can be used to verify that the account has been disabled.

$ lw-find-user-by-name --level 2 "MACHINE\Administrator"

The command should return:
Account disabled (or locked): TRUE
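The two steps of the procedure above, scripted with the verification check applied to every account, as an added example that is not part of the HP bulletin. It uses the lw-mod-user and lw-find-user-by-name commands shown in the bulletin; the allowlist of accounts to keep and the list of local accounts passed on the command line are assumptions, since the bulletin does not say how to enumerate lsassd local-provider accounts.

```shell
#!/bin/sh
# Added example, not HP's code: disable the local Administrator account and
# every other lsassd local-provider account not on an allowlist, then verify
# each one with lw-find-user-by-name as the bulletin describes.

# Parse the output of `lw-find-user-by-name --level 2 ACCOUNT` (passed as $1).
# Returns 0 only when the account is reported as disabled or locked.
account_is_disabled() {
    printf '%s\n' "$1" | grep -q '^Account disabled (or locked): *TRUE$'
}

# Decide whether MACHINE\account ($1) must be disabled. The Administrator
# account is always disabled (step 1); any other account is disabled unless it
# appears in the space-separated allowlist $2 of accounts still in use (step 2).
should_disable() {
    acct="$1"
    keep="$2"
    case "$acct" in
        *\\Administrator) return 0 ;;
    esac
    for k in $keep; do
        [ "$k" = "$acct" ] && return 1
    done
    return 0
}

# harden_local_accounts MACHINE "ALLOWLIST" account1 account2 ...
# MACHINE is the hostname of the local system; the account names are the
# local-provider accounts the operator has enumerated (assumed input).
harden_local_accounts() {
    machine="$1"
    allow="$2"
    shift 2
    for acct in "$@"; do
        full="$machine\\$acct"
        if should_disable "$full" "$allow"; then
            lw-mod-user --disable-user "$full"
            out=$(lw-find-user-by-name --level 2 "$full")
            if account_is_disabled "$out"; then
                echo "disabled: $full"
            else
                echo "WARNING: $full is still enabled, check manually" >&2
            fi
        fi
    done
}
```

Run as `harden_local_accounts "$(hostname)" "HOST\svcbackup" Administrator svcbackup olduser` on the system itself; any account whose verification output does not report TRUE is flagged on stderr.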

HISTORY
Version: 1 (rev.1) - 7 February 2011 Initial Release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact the normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: [e-mail address hidden by page script]
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
  To: [e-mail address hidden by page script]
  Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
    -check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
    -verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do 
