Two vulnerabilities that allow execution of arbitrary code have been identified and fixed in the HP Operations Agent package for the AIX, HP-UX, Linux, Solaris and Windows platforms.
Package:
HP Operations Agent 11.x
Operating systems:
HP-UX 10.x, HP-UX 11.x, IBM AIX 5.x, IBM AIX 6.x, IBM AIX 7.x, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows 7
Problem:
unspecified error
Exploitation:
local/remote
Impact:
arbitrary code execution
Solution:
vendor patch
CVE:
CVE-2012-2019, CVE-2012-2020
Original advisory ID:
HPSBMU02796
Source:
Hewlett Packard
Problem:
The cause of the vulnerability has not been disclosed.
Impact:
The vulnerability allows execution of arbitrary code.
Solution:
All users are advised to install the updates.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03397769
Version: 1
HPSBMU02796 SSRT100594 rev.1 - HP Operations Agent for AIX, HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-07-09
Last Updated: 2012-07-09
Potential Security Impact: Remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Operations Agent for AIX, HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in the execution of arbitrary code.
References: SSRT100594, ZDI-CAN-1325, CVE-2012-2019,
SSRT100595, ZDI-CAN-1326, CVE-2012-2020
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Operations Agent for AIX, HP-UX, Linux, Solaris, and Windows prior to v11.03.12.
BACKGROUND
For a PGP signed version of this security bulletin please write to: [e-mail address protected]
CVSS 2.0 Base Metrics
Reference        Base Vector                     Base Score
CVE-2012-2019    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2012-2020    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks Luigi Auriemma for working with the TippingPoint Zero Day Initiative to report this vulnerability to [e-mail address protected].
RESOLUTION
HP has made patches available to resolve these vulnerabilities. The patches can be downloaded from http://support.openview.hp.com/selfsolve/patches
Product                    Document ID
Agent AIX 11.03.012        KM1361813
Agent HPUX 11.03.012       KM1361806
Agent LINUX 11.03.012      KM1361809
Agent SOLARIS 11.03.012    KM1361815
Agent WINDOWS 11.03.012    KM1361811
MANUAL ACTIONS: Yes - Update
Update to HP Operations Agent 11.03.12 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.31
HP-UX B.11.23
HP-UX B.11.11
==================
HPOvLcore.HPOVBBC
HPOvEa.HPOVAGTLC
HPOvLcore.HPOVCONF
HPOvLcore.HPOVCTRL
HPOvLcore.HPOVDEPL
HPOvEa.HPOVEAAGT
HPOvPerf.HPOVGLANC
HPOvPerf.HPOVPACC
HPOvPerf.HPOVPERFAGT
HPOvPerf.HPOVPERFMI
HPOvLcore.HPOVSECCC
HPOvLcore.HPOVSECCO
HPOvLcore.HPOVXPL
action: update to OAHPUX_00007
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 9 July 2012 Initial release