A security vulnerability in the HP Network Node Manager i (NNMi) v9.1x package allows malicious users to remotely disclose sensitive information and modify data, as well as carry out DoS attacks.
Package: HP Network Node Manager i (NNMi) 9.x
Operating systems: Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows 7, Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Linux 7, Red Hat Linux 7.1, Red Hat Linux 7.2, Red Hat Linux 7.3, Red Hat Linux 8.0, Red Hat Linux 9, Slackware Linux 8.0, Slackware Linux 8.1, Slackware Linux 9.0, Slackware Linux 9.1, Slackware Linux 10.0, Slackware Linux 10.1, Slackware Linux 10.2, Slackware Linux 11.0, Slackware Linux 12.0, Slackware Linux 12.1, Slackware Linux 12.2, Slackware Linux 13.0, Slackware Linux 13.1, Slackware Linux 13.37, Sun Solaris 7, Sun Solaris 8, Sun Solaris 9, Sun Solaris 10, Sun Solaris 11, SUSE Linux Enterprise Desktop 10, SUSE Linux Enterprise Desktop 11, SUSE Linux Enterprise Server (SLES) 9, SUSE Linux Enterprise Server (SLES) 10, SUSE Linux Enterprise Server (SLES) 11, SUSE Linux Enterprise Teradata 10, Ubuntu Linux 5.04, Ubuntu Linux 5.10, Ubuntu Linux 6.06, Ubuntu Linux 6.10, Ubuntu Linux 7.04, Ubuntu Linux 7.10, Ubuntu Linux 8.04, Ubuntu Linux 8.10, Ubuntu Linux 9.04, Ubuntu Linux 9.10, Ubuntu Linux 10.04, Ubuntu Linux 10.10, Ubuntu Linux 11.0, Ubuntu Linux 11.04, Ubuntu Linux 11.10, Ubuntu Linux 12.04
Criticality: 10
Problem: unknown
Exploitation: remote
Impact: data modification, disclosure of sensitive information, denial of service (DoS)
Solution: vendor patch
CVE: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472
Original advisory ID: HPSBMU02797
Source: Hewlett Packard

Problem:
The vulnerabilities are mostly inherited from the Java JDK and JRE software packages; the vendor has not specified their causes.

Impact:
Malicious users could carry out a DoS attack, disclose sensitive data and modify it.

Solution:
All users are advised to install the updates.

Original advisory text
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03358587
Version: 1
HPSBMU02797 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.1x Running JDK for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Information Disclosure, Modification, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-07-16
Last Updated: 2012-07-16
Potential Security Impact: Remote unauthorized information disclosure, modification, Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) running JDK for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS).
References: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450,
CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463,
CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469,
CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474,
CVE-2010-4475, CVE-2010-4476, CVE-2011-0786, CVE-2011-0788, CVE-2011-0802,
CVE-2011-0814, CVE-2011-0815, CVE-2011-0817, CVE-2011-0862, CVE-2011-0863,
CVE-2011-0864, CVE-2011-0865, CVE-2011-0866, CVE-2011-0867, CVE-2011-0868,
CVE-2011-0869, CVE-2011-0871, CVE-2011-0872, CVE-2011-0873, CVE-2011-3389,
CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546,
CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551,
CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556,
CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561, CVE-2011-3563,
CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500,
CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0504, CVE-2012-0505,
CVE-2012-0506, CVE-2012-0507, CVE-2012-0508
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Network Node Manager I (NNMi) v9.1x for HP-UX, Linux, Solaris, and Windows
BACKGROUND
For a PGP signed version of this security bulletin please write to: [e-mail address obscured in the source]
CVSS 2.0 Base Metrics
| Reference | Base Vector | Base Score |
|---|---|---|
| CVE-2010-4422 | (AV:N/AC:H/Au:N/C:C/I:C/A:C) | 7.6 |
| CVE-2010-4447 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | 4.3 |
| CVE-2010-4448 | (AV:N/AC:H/Au:N/C:N/I:P/A:N) | 2.6 |
| CVE-2010-4450 | (AV:L/AC:H/Au:N/C:P/I:P/A:P) | 3.7 |
| CVE-2010-4451 | (AV:N/AC:H/Au:N/C:C/I:C/A:C) | 7.6 |
| CVE-2010-4452 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2010-4454 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2010-4462 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2010-4463 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2010-4465 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2010-4466 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | 5.0 |
| CVE-2010-4467 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2010-4468 | (AV:N/AC:H/Au:N/C:P/I:P/A:N) | 4.0 |
| CVE-2010-4469 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2010-4470 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | 5.0 |
| CVE-2010-4471 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | 5.0 |
| CVE-2010-4472 | (AV:N/AC:H/Au:N/C:N/I:N/A:P) | 2.6 |
| CVE-2010-4473 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2010-4474 | (AV:L/AC:L/Au:N/C:P/I:N/A:N) | 2.1 |
| CVE-2010-4475 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | 4.3 |
| CVE-2010-4476 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | 5.0 |
| CVE-2011-0786 | (AV:N/AC:H/Au:N/C:C/I:C/A:C) | 7.6 |
| CVE-2011-0788 | (AV:N/AC:H/Au:N/C:C/I:C/A:C) | 7.6 |
| CVE-2011-0802 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2011-0814 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2011-0815 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2011-0817 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2011-0862 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2011-0863 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2011-0864 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2011-0865 | (AV:N/AC:H/Au:N/C:N/I:P/A:N) | 2.6 |
| CVE-2011-0866 | (AV:N/AC:H/Au:N/C:C/I:C/A:C) | 7.6 |
| CVE-2011-0867 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | 5.0 |
| CVE-2011-0868 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | 5.0 |
| CVE-2011-0869 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | 5.0 |
| CVE-2011-0871 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2011-0872 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | 5.0 |
| CVE-2011-0873 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2011-3389 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | 4.3 |
| CVE-2011-3516 | (AV:N/AC:H/Au:N/C:C/I:C/A:C) | 7.6 |
| CVE-2011-3521 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2011-3544 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2011-3545 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2011-3546 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | 5.8 |
| CVE-2011-3547 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | 5.0 |
| CVE-2011-3548 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2011-3549 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2011-3550 | (AV:N/AC:H/Au:N/C:C/I:C/A:C) | 7.6 |
| CVE-2011-3551 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | 9.3 |
| CVE-2011-3552 | (AV:N/AC:H/Au:N/C:N/I:P/A:N) | 2.6 |
| CVE-2011-3553 | (AV:N/AC:M/Au:S/C:P/I:N/A:N) | 3.5 |
| CVE-2011-3554 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2011-3555 | (AV:N/AC:H/Au:N/C:N/I:P/A:C) | 6.1 |
| CVE-2011-3556 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | 7.5 |
| CVE-2011-3557 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | 6.8 |
| CVE-2011-3558 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | 5.0 |
| CVE-2011-3560 | (AV:N/AC:L/Au:N/C:P/I:P/A:N) | 6.4 |
| CVE-2011-3561 | (AV:A/AC:H/Au:N/C:P/I:N/A:N) | 1.8 |
| CVE-2011-3563 | (AV:N/AC:L/Au:N/C:P/I:N/A:P) | 6.4 |
| CVE-2011-5035 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | 5.0 |
| CVE-2012-0497 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2012-0498 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2012-0499 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2012-0500 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2012-0501 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | 5.0 |
| CVE-2012-0502 | (AV:N/AC:L/Au:N/C:P/I:N/A:P) | 6.4 |
| CVE-2012-0503 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | 7.5 |
| CVE-2012-0504 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | 9.3 |
| CVE-2012-0505 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | 7.5 |
| CVE-2012-0506 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | 4.3 |
| CVE-2012-0507 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2012-0508 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made hotfixes available to resolve these vulnerabilities for NNMi v9.1x. The hotfixes can be obtained by contacting the normal HP Services support channel. Customers should open a support case to request the following hotfixes.
| NNMi Version / Operating System | Required Patch | Hotfix |
|---|---|---|
| 9.1x HP-UX | Patch 4 | Hotfix-NNMi-9.1xP4-HP-UX-JDK-20120710.zip |
| 9.1x Linux | Patch 4 | Hotfix-NNMi-9.1xP4-Linux-JDK-20120523.zip |
| 9.1x Solaris | Patch 4 | Hotfix-NNMi-9.1xP4-Solaris-JDK-20120523.zip |
| 9.1x Windows | Patch 4 | Hotfix-NNMi-9.1xP4-Windows-JDK-20120523.zip |
Note: The hotfix must be installed after the required patch. The hotfix must be reinstalled if the required patch is reinstalled.
MANUAL ACTIONS: Yes - Update
Install the applicable patch and hotfix.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For HP-UX NNMi v9.1x
HP-UX B.11.31
HP-UX B.11.23 (IA)
=============
HPOvNNM.HPOVNNMUI
action: install Hotfix-NNMi-9.1xP4-HP-UX-JDK-20120710.zip
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 16 July 2012 Initial release