Two security vulnerabilities have been identified and fixed in the HP Operations for UNIX software package. The first vulnerability is caused by improper validation of certain input data, and the cause of the second is currently unknown. Malicious users can exploit these vulnerabilities to bypass security restrictions, gain unauthorized access to the system, and carry out XSS (cross-site scripting) attacks. Packages that fix these vulnerabilities have been released, and all users are advised to apply them.

HP Operations for UNIX Cross Site Scripting and Unauthorized Access

VUPEN ID 	VUPEN/ADV-2011-0837
CVE ID 	CVE-2011-0893 - CVE-2011-0894
 
CWE ID 	Available in VUPEN VNS Customer Area
CVSS V2 	Available in VUPEN VNS Customer Area
Rated as 	Moderate Risk 
Impact 	Available in VUPEN VNS Customer Area
Authentication Level 	Available in VUPEN VNS Customer Area
Access Vector 	Available in VUPEN VNS Customer Area
Release Date 	2011-04-01

Technical Description

Two vulnerabilities have been identified in HP Operations for UNIX, which could be exploited by attackers to gain knowledge of sensitive information or obtain unauthorized access.

The first issue is caused by an input validation error which could allow cross-site scripting attacks.

The second vulnerability is caused by an unknown error which could allow unauthorized access.

Affected Products

HP Operations for UNIX version 9.10

Solution 

Apply hotfix QCCR1A121284_QCCR1A121281_hotfix.tar.gz:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02770049

References

http://www.vupen.com/english/advisories/2011/0837
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02770049

Credits 

Vulnerabilities reported by the vendor.

Changelog 

2011-04-01 : Initial release
