SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03089106
Version: 1
HPSBUX02724 SSRT100650 rev.1 - HP-UX Running System Administration Manager (SAM), Local Increase in Privilege
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-11-16
Last Updated: 2011-11-16
Potential Security Impact: Local increase in privilege
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running SAM. This vulnerability could be locally exploited to create an increase in privilege.
References: CVE-2011-4159
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23 and B.11.31 running EMS prior to A.04.20.11.04_01
BACKGROUND
For a PGP signed version of this security bulletin please write to: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
CVSS 2.0 Base Metrics
Reference
Base Vector
Base Score
CVE-2011-4159
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
6.8
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided upgrades to resolve this vulnerability.
The upgrades are available from the following location
ftp.usa.hp.com
User Name: srt10650 Password: zp{GE7ev
or ftp://srt10650:zp{Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
HP-UX Release
A.04.20.11.04_01 Depot Name
B.11.11 PA (32 and 64)
EMS_1111_UNOFF.depot.tar.gz
B.11.23 (PA and IA)
EMS_1123_UNOFF.depot.tar.gz
B.11.31 (PA and IA)
EMS_1131_UNOFF.depot.tar.gz
MANUAL ACTIONS: Yes - Update
Install A.04.20.11.04_01 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
==================
EMS-Config.EMS-GUI
EMS-Core.EMS-CORE
EMS-Core.EMS-MX
EMS-Core.EMS-WRAPPER
EMS-MIBMonitor.MIBMON-RUN
action: install revision A.04.20.11.04_01 or subsequent
HP-UX B.11.23
==================
EMS-Config.EMS-GUI
EMS-Config.EMS-GUI-COM
EMS-Core.EMS-CORE
EMS-Core.EMS-CORE-COM
EMS-Core.EMS-MX
EMS-Core.EMS-WRAPPER
EMS-Core.EMS-WRAPPER-COM
EMS-MIBMon.MIBMON-RUN
EMS-MIBMon.MIBMON-RUN-COM
action: install revision A.04.20.11.04_01 or subsequent
HP-UX B.11.31
==================
EMS-Config.EMS-GUI
EMS-Config.EMS-GUI-COM
EMS-Core.EMS-CORE
EMS-Core.EMS-CORE-COM
EMS-Core.EMS-MX
EMS-Core.EMS-WRAPPER
EMS-Core.EMS-WRAPPER-COM
EMS-MIBMon.MIBMON-RUN
EMS-MIBMon.MIBMON-RUN-COM
action: install revision A.04.20.11.04_01 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) 16 November 2011 Initial release
Posljednje sigurnosne preporuke