U radu programskog paketa HP OpenView Network Node Manager uočena su dva sigurnosna propusta. Moguće ih je iskoristiti udaljeno, za izvođenje DoS napada.
Paket:
HP OpenView Network Node Manager 7.x
Operacijski sustavi:
HP-UX 11.x
Kritičnost:
4.1
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
udaljeno
Posljedica:
uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2012-0022, CVE-2011-4858
Izvorni ID preporuke:
HPSBMU02747
Izvor:
Hewlett Packard
Problem:
Propusti su uzrokovani nepravilnostima u rukovanju pojedinim parametrima.
Posljedica:
Napadači ih mogu iskoristiti za izvođenje DoS (eng. Denial of Service) napada.
Rješenje:
Korisnicima se preporuča instalacija odgovarajućih zakrpa.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03231290
Version: 1
HPSBMU02747 SSRT100771 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache Tomcat, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-03-27
Last Updated: 2012-03-27
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache Tomcat. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS).
References: CVE-2012-0022, CVE-2011-4858
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Network Node Manager (OV NNM) v7.53 running on HP-UX, Linux, and Solaris.
BACKGROUND
For a PGP signed version of this security bulletin please write to: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
CVSS 2.0 Base Metrics
Reference
Base Vector
Base Score
CVE-2012-0022
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
5.0
CVE-2011-4858
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
5.0
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has provided a hotfix to resolve the vulnerability. The SSRT100771 hotfix is available by contacting the normal HP Services support channel.
MANUAL ACTIONS: Yes - NonUpdate
Install the hotfix for SSRT100771.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS (for HP-UX)
For HP-UX OV NNM 7.53
HP-UX B.11.31
HP-UX B.11.23 (IA)
HP-UX B.11.23 (PA)
HP-UX B.11.11
=============
OVNNMgr.OVNNM-RUN,fr=B.07.50.00
action: install the hotfix for SSRT100771
END AFFECTED VERSIONS (for HP-UX)
HISTORY
Version:1 (rev.1) - 27 March 2012 Initial release
Posljednje sigurnosne preporuke