A security vulnerability has been identified in the HP Performance Manager software package that remote attackers can exploit to execute arbitrary code and carry out denial-of-service attacks.
Package:
Operating systems:
HP-UX 11.x, Microsoft Windows XP, Red Hat Linux 7.1, Red Hat Linux 7.2, Red Hat Linux 8.0, Sun Solaris 7, Sun Solaris 8, Sun Solaris 9
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03255321
Version: 1
HPSBMU02756 SSRT100596 rev.1 - HP Performance Manager Running on HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-03-27
Last Updated: 2012-03-27
Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Performance Manager running on HP-UX, Linux, Solaris, and Windows. The vulnerability could be exploited remotely to execute arbitrary code and to create a Denial of Service (DoS).
References: CVE-2012-0127, ZDI-CAN-1340
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Performance Manager v9.00 running on HP-UX, Linux, Solaris, and Windows
BACKGROUND
For a PGP signed version of this security bulletin please write to: [e-mail address obscured on the source page]
CVSS 2.0 Base Metrics

Reference        Base Vector                     Base Score
CVE-2012-0127    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks Luigi Auriemma for working with the TippingPoint Zero Day Initiative to report this vulnerability to [e-mail address obscured on the source page].
RESOLUTION
HP has provided the following patches to resolve the vulnerability. The patches are available here: http://support.openview.hp.com/selfsolve/patches
Operating System    Patch                         Document ID
HP-UX               PHSS_42753 or subsequent      KM1323069
Linux               HPPM9L_00002 or subsequent    KM1323071
Solaris             HPPM9S_00002 or subsequent    KM1323068
Windows             HPPM9W_00002 or subsequent    KM1323075
MANUAL ACTIONS: No
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.31
HP-UX B.11.23
==================
HPOvGC.HPOVGC
HPOvPM.HPOVPM
action: install PHSS_42753 or subsequent
END AFFECTED VERSIONS
HISTORY:
Version:1 (rev.1) - 27 March 2012 Initial Release