Višestruki propusti paketa HP Insight Control

HP Insight Control ima višestruke ranjivosti koje su ispravljene novom nadogradnjom. Propusti zlonamjernom korisniku omogućuju pokretanje proizvoljnog programskog koda i izvođenje DoS napada.

Paket:	HP Insight Control For Linux (IC-Linux) 6.x
Operacijski sustavi:	Caldera OpenLinux 2.x, Caldera OpenLinux 3.x, Conectiva Linux 6.0, Conectiva Linux 7.0, Conectiva Linux 8, Conectiva Linux 9, Debian Linux 4.0 (etch), Debian Linux 5.0 (lenny), Debian Linux 6.0 (squeeze), Debian Linux sid (unstable), Debian Linux wheezy (testing), Fedora 7, Fedora 8, Fedora 9, Fedora 10, Fedora 11, Fedora 12, Fedora 13, Fedora 14, Fedora 15, Fedora 16, Fedora 17, Gentoo Linux , Mandriva Linux 2009.0, Mandriva Linux 2010, Mandriva Linux 2010.1, Mandriva Linux 2010.2, Mandriva Linux 2011, Mandriva Linux Corporate 4.0, Mandriva Linux Enterprise Server 5.0, openSUSE 10.2, openSUSE 10.3, openSUSE 11.0, openSUSE 11.1, openSUSE 11.2, openSUSE 11.3, openSUSE 11.4, openSUSE 12.1, Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Linux 7, Red Hat Linux 7.1, Red Hat Linux 7.2, Red Hat Linux 7.3, Red Hat Linux 8.0, Red Hat Linux 9, Slackware Linux 8.0, Slackware Linux 8.1, Slackware Linux 9.0, Slackware Linux 9.1, Slackware Linux 10.0, Slackware Linux 10.1, Slackware Linux 10.2, Slackware Linux 11.0, Slackware Linux 12.0, Slackware Linux 12.1, Slackware Linux 12.2, Slackware Linux 13.0, Slackware Linux 13.1, Slackware Linux 13.37, SUSE Linux Enterprise Desktop 10, SUSE Linux Enterprise Desktop 11, SUSE Linux Enterprise Server (SLES) 9, SUSE Linux Enterprise Server (SLES) 10, SUSE Linux Enterprise Server (SLES) 11, SUSE Linux Enterprise Teradata 10, Ubuntu Linux 11.0, Ubuntu Linux 5.04, Ubuntu Linux 5.10, Ubuntu Linux 6.06, Ubuntu Linux 6.10, Ubuntu Linux 7.04, Ubuntu Linux 7.10, Ubuntu Linux 8.04, Ubuntu Linux 8.10, Ubuntu Linux 9.04, Ubuntu Linux 9.10, Ubuntu Linux 10.04, Ubuntu Linux 10.10, Ubuntu Linux 11.04, Ubuntu Linux 11.10
Kritičnost:	5.5
Problem:	pogreška u programskoj komponenti
Iskorištavanje:	udaljeno
Posljedica:	pokretanje proizvoljnih naredbi, proizvoljno izvršavanje programskog koda, uskraćivanje usluga (DoS), zaobilaženje postavljenih ograničenja
Rješenje:	programska zakrpa proizvođača
CVE:	CVE-2011-3210, CVE-2011-3207, CVE-2011-1097, CVE-2011-0997, CVE-2011-0762, CVE-2010-4645
Izvorni ID preporuke:	HPSBMU02752
Izvor:	Hewlett Packard

Problem:
Veće ranjivosti uzrokovane su pogreškom ne inicijaliziranja objekata u datoteci "crypto/x509/x509_vfy.c", pogreškom funkcija brisanja u komponenti "rsync" kao i nepravilnostma u funkcijama "vsf_filename_passes_filter" te "zend_strtod".
Posljedica:
Propusti omogućuju pokretanje proizvoljnog programskog koda i naredbi, te izazivanje stanja uskraćivanja usluga (eng. Denial of Service).
Rješenje:
Savjetuje se pregled teksta izvorne preporuke za više detalja te instalacija nadogradnji.

Izvorni tekst preporuke

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03246498

Version: 1
HPSBMU02752 SSRT100802 rev.1 HP Insight Control Software for Linux (IC-Linux), Remote Execution of Arbitrary Code, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2012-03-20

Last Updated: 2012-03-20

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY

Potential security vulnerabilities have been identified with HP Insight Control Software for Linux (IC-Linux). The vulnerabilities could be exploited remotely to execute arbitrary code or to create a Denial of Service (DoS).

References: CVE-2011-3210, CVE-2011-3207, CVE-2011-1097, CVE-2011-0997, CVE-2011-0762, CVE-2010-4645
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP Insight Control Software for Linux (IC-Linux) before v7.0
BACKGROUND

For a PGP signed version of this security bulletin please write to: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
CVSS 2.0 Base Metrics
Reference
	
Base vector
	
Base score
CVE-2011-3210
	
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
	
5.0
CVE-2011-3207
	
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
	
5.0
CVE-2011-1097
	
(AV:N/AC:H/Au:N/C:P/I:P/A:P)
	
5.1
CVE-2011-0997
	
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
	
7.5
CVE-2011-0762
	
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
	
4.0
CVE-2010-4645
	
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
	
5.0

Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION

HP has provided HP Insight Control Software for Linux (IC-Linux) v7.0 to resolve the vulnerabilities. IC-Linux v7.0 is available here:

http://h18004.www1.hp.com/products/servers/management/insightcontrol_linux2/index.html

HISTORY
Version:1 (rev.1) - 20 March 2012 Initial release

Višestruki propusti paketa HP Insight Control

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Višestruki propusti paketa HP Insight Control

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti