Two security flaws have been identified in the HP TCP/IP Services for OpenVMS software package, which a remote attacker can exploit to bypass certain restrictions and carry out a DoS (Denial of Service) attack.
HP TCP/IP Services for OpenVMS Security Bypass and Denial of Service Vulnerabilities
Secunia Advisory SA46743
Release Date 2011-11-04
Criticality level Moderately critical
Impact Security Bypass, DoS
Where From remote
Authentication level Available in Customer Area
Report reliability Available in Customer Area
Solution Status Vendor Patch
Systems affected Available in Customer Area
Approve distribution Available in Customer Area
Software:
HP TCP/IP Services for OpenVMS 5.x
Secunia CVSS Score Available in Customer Area
CVE Reference(s) CVE-2011-3168 CVSS available in Customer Area
CVE-2011-3169 CVSS available in Customer Area
Description
Two vulnerabilities have been reported in HP TCP/IP Services for OpenVMS, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
1) An unspecified error related to POP and IMAP servers can be exploited to bypass certain security restrictions.
2) An unspecified error related to SMTP servers can be exploited to cause a crash.
The vulnerabilities are reported in versions 5.6 and 5.7 on Itanium and Alpha servers.
Solution
Apply patches.
Provided and/or discovered by
The vendor credits:
1) Peter Weaver
2) Christer Ã