Two security vulnerabilities have been identified and fixed in the HP Operations for UNIX software package. The first vulnerability arises from improper validation of certain input data, while the cause of the second is currently unknown. Malicious users can exploit these vulnerabilities to bypass security restrictions, gain unauthorized access to the system, and carry out XSS (cross-site scripting) attacks. Packages that fix these vulnerabilities have been released, and all users are advised to apply them.
HP Operations for UNIX Cross Site Scripting and Unauthorized Access
VUPEN ID: VUPEN/ADV-2011-0837
CVE ID: CVE-2011-0893 - CVE-2011-0894
CWE ID: Available in VUPEN VNS Customer Area
CVSS V2: Available in VUPEN VNS Customer Area
Rated as: Moderate Risk
Impact: Available in VUPEN VNS Customer Area
Authentication Level: Available in VUPEN VNS Customer Area
Access Vector: Available in VUPEN VNS Customer Area
Release Date: 2011-04-01
Technical Description
Two vulnerabilities have been identified in HP Operations for UNIX, which could be exploited by attackers to gain knowledge of sensitive information or obtain unauthorized access.
The first issue is caused by an input validation error which could allow cross site scripting attacks.
The second vulnerability is caused by an unknown error which could allow unauthorized access.
Affected Products
HP Operations for UNIX version 9.10
Solution
Apply hotfix QCCR1A121284_QCCR1A121281_hotfix.tar.gz:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02770049
References
http://www.vupen.com/english/advisories/2011/0837
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02770049
Credits
Vulnerabilities reported by the vendor.
Changelog
2011-04-01 : Initial release