A revision has been issued of the advisory originally published on 25 January 2012. The revision concerns the OpenSSL software package, in which a remote attacker could exploit a security flaw to carry out a denial-of-service (DoS) attack.
Package: OpenSSL 0.x
Operating systems: HP-UX 11.x
Criticality: 5
Problem: error in a software component
Exploitation: remote
Impact: denial of service (DoS)
Solution: vendor patch
CVE: CVE-2012-0050
Original advisory ID: HPSBUX02737
Source: Hewlett Packard
Problem:
The vulnerability is caused by a flawed implementation of the part of the program that supports DTLS (Datagram Transport Layer Security) applications.
Impact:
A remote attacker can exploit the vulnerability for a denial-of-service (DoS) attack.
Solution:
All users of this software package are advised, in order to stay protected, to use its latest version.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03169289
Version: 1
HPSBUX02737 SSRT100747 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-01-25
Last Updated: 2012-01-26
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS).
References: CVE-2012-0050
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08t.
BACKGROUND
For a PGP signed version of this security bulletin please write to: [e-mail address hidden by the source page]
CVSS 2.0 Base Metrics
Reference       Base Vector                     Base Score
CVE-2012-0050   (AV:N/AC:L/Au:N/C:N/I:N/A:P)    5.0
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided upgrades to resolve this vulnerability.
The upgrades are available from the following location
ftp://ossl098t:[remainder of the URL hidden by the source page]
HP-UX Release             Depot Name
B.11.11 PA (32 and 64)    OpenSSL_A.00.09.08t.001_HP-UX_B.11.11_32+64.depot
B.11.23 (PA and IA)       OpenSSL_A.00.09.08t.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (PA and IA)       OpenSSL_A.00.09.08t.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08t or subsequent
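Added example, not part of the HP bulletin: a POSIX shell check that compares an installed OpenSSL revision string with the fixed revision the bulletin lists for each HP-UX release. The function names, the sample revisions and the ordering rule for the letter suffix (s < t < za) are assumptions of this example.

```shell
#!/bin/sh
# Added example: is an installed HP-UX OpenSSL revision at or above the fixed
# revision listed in HPSBUX02737 for that HP-UX release?

# Fixed revision per HP-UX release (values taken from the bulletin).
fixed_revision() {
    case "$1" in
        B.11.11) echo "A.00.09.08t.001" ;;
        B.11.23) echo "A.00.09.08t.002" ;;
        B.11.31) echo "A.00.09.08t.003" ;;
        *) return 1 ;;
    esac
}

# check_openssl RELEASE REVISION -> prints fixed | vulnerable | unknown-release
# RELEASE is the `uname -r` value on HP-UX (e.g. B.11.31); REVISION is the
# installed openssl product revision.
# Assumption: numeric fields compare numerically and the letter suffix
# compares alphabetically in the C locale (s < t < za).
check_openssl() {
    want=$(fixed_revision "$1") || { echo "unknown-release"; return 2; }
    LC_ALL=C awk -v have="$2" -v want="$want" '
        # Build a fixed-width key so plain string comparison orders revisions.
        function key(rev,    f, digits, letters) {
            split(rev, f, ".")
            digits = f[4];  sub(/[a-z]+$/, "", digits)
            letters = f[4]; sub(/^[0-9]+/, "", letters)
            return sprintf("%05d.%05d.%05d.%-4s.%05d",
                           f[2], f[3], digits, letters, f[5])
        }
        BEGIN {
            r = (key(have) < key(want)) ? "vulnerable" : "fixed"
            print r
        }'
}

# Constructed sample inventory (release, installed revision), not real hosts.
for pair in "B.11.11 A.00.09.08t.001" "B.11.23 A.00.09.08s.002" \
            "B.11.31 A.00.09.08za.003"; do
    set -- $pair
    printf '%s %s: %s\n' "$1" "$2" "$(check_openssl "$1" "$2")"
done
```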
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: Install revision A.00.09.08t.001 or subsequent
HP-UX B.11.23
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: Install revision A.00.09.08t.002 or subsequent
HP-UX B.11.31
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: Install revision A.00.09.08t.003 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) 25 January 2012 Initial release