A security vulnerability has been identified in the HP Operations Agent and Performance Agent software packages that a local user can exploit to gain unauthorized access to certain directories.
Package:
HP OpenView Performance Agent 4.x, HP Operations Agent 11.x, HP Performance Agent 5.x
Operating systems:
Debian Linux 4.0 (etch), Debian Linux 5.0 (lenny), Debian Linux 6.0 (squeeze), HP-UX 10.x, HP-UX 11.x, IBM AIX 5.x, IBM AIX 6.x, IBM AIX 7.x, Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Linux 7, Red Hat Linux 7.1, Red Hat Linux 7.2, Red Hat Linux 7.3, Red Hat Linux 8.0, Red Hat Linux 9, Sun Solaris 7, Sun Solaris 8, Sun Solaris 9, Sun Solaris 10, SUSE Linux Enterprise Desktop 10, SUSE Linux Enterprise Desktop 11, SUSE Linux Enterprise Server (SLES) 9, SUSE Linux Enterprise Server (SLES) 10, SUSE Linux Enterprise Server (SLES) 11
Severity:
3.2
Problem:
unspecified error
Exploitation:
local
Impact:
unauthorized system access
Solution:
vendor patch
CVE:
CVE-2011-4160
Original advisory ID:
HPSBMU02726
Source:
Hewlett Packard
Problem:
An unspecified security vulnerability has been discovered in HP Performance Agent versions 4.73 and 5.0 and in HP Operations Agent 11.0.
Impact:
A malicious local attacker can exploit the weakness to gain unauthorized access to certain directories.
Solution:
All users are advised to install the appropriate vendor patch.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03091656
Version: 1
HPSBMU02726 SSRT100685 rev.1 - HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris, Local Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-11-22
Last Updated: 2011-11-22
Potential Security Impact: Local unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris. The vulnerability could be locally exploited to gain unauthorized access to a directory.
References: CVE-2011-4160
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Operations Agent v11.00 and Performance Agent v4.73, v5.0 for AIX, HP-UX, Linux, and Solaris
BACKGROUND
For a PGP signed version of this security bulletin please write to: [e-mail address hidden by the page's spam protection]
CVSS 2.0 Base Metrics
Reference        Base Vector                     Base Score
CVE-2011-4160    (AV:L/AC:L/Au:S/C:P/I:P/A:N)    3.2
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has made patches available to resolve the vulnerability for HP Operations Agent v11.00. HP has made hotfixes available to resolve the vulnerability for HP Performance Agent v4.73 and v5.0. The patches are available here: http://support.openview.hp.com/selfsolve/patches The hotfixes can be obtained by contacting the normal HP Services support channel.
For HP Operations Agent v11.00
Operating System    Patch
AIX                 OAAIX_00003
HP-UX               OAHPUX_00003
Linux               OALIN_00003
Solaris             OASOL_00301
For HP Performance Agent v4.73
Operating System    Hotfix Identifier
AIX                 OVPA_C.04.73.400_AIX X.04.73.424
HP-UX               OVPA_C.04.73.410_HPUX X.04.73.424
Linux               OVPA_C.04.73.400_Linux X.04.73.424
Solaris             OVPA_C.04.73.400_SOL X.04.73.424
For HP Performance Agent v5.0
Operating System    Hotfix Identifier
AIX                 OVPA_C.05.00.100_AIX X.05.00.135
HP-UX               OVPA_C.05.00.100_HPUX X.05.00.135
Linux               OVPA_C.05.00.100_LINUX X.05.00.135
Solaris             OVPA_C.05.00.100_SOL X.05.00.135
MANUAL ACTIONS: Yes - NonUpdate
For HP Performance Agent v4.73 and v5.0, install the appropriate hotfix.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS (for HP-UX)
For HP Operations Agent v11.00
HP-UX B.11.31
HP-UX B.11.23
HP-UX B.11.11
=============
HPOvPerf.HPOVPERFAGT
HPOvPerf.HPOVPERFMI
action: install OAHPUX_00003
For HP Performance Agent v4.73
HP-UX B.11.31
HP-UX B.11.23
HP-UX B.11.11
=============
MeasureWare.MWA
MeasurementInt.ARM
MeasurementInt.MI
action: install hotfix OVPA_C.04.73.410_HPUX X.04.73.424
For HP Performance Agent v5.0
HP-UX B.11.31
HP-UX B.11.23
HP-UX B.11.11
=============
MeasureWare.MWA
MeasurementInt.ARM
MeasurementInt.MI
action: install hotfix OVPA_C.05.00.100_HPUX X.05.00.135
END AFFECTED VERSIONS (for HP-UX)
HISTORY
Version:1 (rev.1) - 22 November 2011 Initial release