Ustanovljen je niz sigurnosnih propusta u radu operacijskog sustava HP-UX. Udaljeni ih napadači mogu iskoristiti za neovlašten pristup sustavu, otkrivanje osjetljivih informacija te utjecanje na tajnost, integritet i dostupnost podataka.
Paket:
HP-UX 11.x
Operacijski sustavi:
HP-UX 11.x
Kritičnost:
8.7
Problem:
nespecificirana pogreška, pogreška u programskoj komponenti
Iskorištavanje:
udaljeno
Posljedica:
izmjena podataka, neovlašteni pristup sustavu, otkrivanje osjetljivih informacija
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03254184
Version: 1
HPSBUX02757 SSRT100779 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-03-26
Last Updated: 2012-03-27
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
References: CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0504, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.13 or earlier
BACKGROUND
For a PGP signed version of this security bulletin please write to: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
CVSS 2.0 Base Metrics
Reference and Affectivity
Base Vector
Base Score
CVE-2011-3563
(AV:N/AC:L/Au:N/C:P/I:N/A:P)
6.4
CVE-2011-5035
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
5.0
CVE-2012-0497
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
10.0
CVE-2012-0498
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
10.0
CVE-2012-0499
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
10.0
CVE-2012-0500
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
10.0
CVE-2012-0501
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
5.0
CVE-2012-0502
(AV:N/AC:L/Au:N/C:P/I:N/A:P)
6.4
CVE-2012-0503
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
7.5
CVE-2012-0504
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
9.3
CVE-2012-0505
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
7.5
CVE-2012-0506
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
4.3
CVE-2012-0507
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
5.0
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrades to resolve these vulnerabilities.
The upgrades are available from the following location
http://www.hp.com/go/java
HP-UX B.11.11, B.11.23, B.11.31
JDK and JRE v6.0.14 or subsequent
MANUAL ACTIONS: Yes - Update
For Java v6.0.13 and earlier, update to Java v6.0.14 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
HP-UX B.11.23
HP-UX B.11.31
===========
Jre60.JRE60-COM
Jre60.JRE60-IPF32
Jre60.JRE60-IPF32-HS
Jre60.JRE60-IPF64
Jre60.JRE60-IPF64-HS
Jre60.JRE60-PA20
Jre60.JRE60-PA20-HS
Jre60.JRE60-PA20W
Jre60.JRE60-PA20W-HS
Jdk60.JDK60-COM
Jdk60.JDK60-IPF32
Jdk60.JDK60-IPF64
Jdk60.JDK60-PA20
Jdk60.JDK60-PA20W
action: install revision 1.6.0.14.00 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) 27 March 2012 Initial release
Posljednje sigurnosne preporuke