A flaw in the HP Server Automation software package has been identified and fixed. Remote attackers could have exploited the security vulnerability to execute arbitrary code.
Package:
HP Server Automation 7.x, HP Server Automation 9.x
Operating systems:
Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Linux 7.3, Red Hat Linux 8.0, Red Hat Linux 9, Sun Solaris 8, Sun Solaris 9, Sun Solaris 10, Sun Solaris 11, SUSE 10, SUSE 11, SUSE Linux Enterprise Server (SLES) 9, SUSE Linux Enterprise Server (SLES) 10, SUSE Linux Enterprise Server (SLES) 11
Criticality:
8.7
Problem:
error in a software component
Exploitation:
remote
Consequence:
arbitrary code execution
Solution:
vendor patch
CVE:
CVE-2012-1182
Original advisory ID:
SA49502
Source:
Secunia
Problem:
A flaw was identified in the RPC code generator.
Consequence:
A malicious attacker can exploit the vulnerability to execute arbitrary code.
Solution:
Users are advised to install the software update.
HP Server Automation Samba RPC Network Data Representation Marshalling Vulnerability
Secunia Advisory SA49502
Release Date 2012-06-12
Criticality level Moderately critical
Impact System access
Where From local network
Solution Status Vendor Patch
Software:
HP Server Automation 7.x
HP Server Automation 9.x
CVE Reference(s) CVE-2012-1182
Description
HP has acknowledged a vulnerability in HP Server Automation, which can be exploited by malicious people to compromise a vulnerable system.
For more information:
SA48742
The vulnerability is reported in versions 7.8.x, 9.0.x, and 9.1.x running on Red Hat Linux, SUSE Linux, and SunOS.
Solution
Apply HP Server Automation Patch SRVA_00127.
Original Advisory
HPSBMU02790 SSRT100872:
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03366886