U radu HP-ovog operacijskog sustava HP-UX uočen je i ispravljen novi sigurnosni nedostatak. Nedostatak se javlja zbog pogreške u XNTP pozadinskom procesu, namijenjenom upravljanju mrežnim vremenom. Udaljeni, zlonamjerni korisnici mogu posebno oblikovanim paketima iskoristiti tu pogrešku za ostvarivanje napada uskraćivanja usluge. Objavljena je zakrpa koja ispravlja opisani nedostatak te se svim korisnicima savjetuje njena primjena. Dodatno, svim se korisnicima savjetuje detaljnije čitanje izvorne preporuke.

HP-UX XNTP Mode 7 Packets Remote Denial of Service Vulnerability

VUPEN ID 	VUPEN/ADV-2011-0839
CVE ID 	CVE-2009-3563
 
CWE ID 	Available in VUPEN VNS Customer Area
CVSS V2 	Available in VUPEN VNS Customer Area
Rated as 	Moderate Risk 
Impact 	Available in VUPEN VNS Customer Area
Authentication Level 	Available in VUPEN VNS Customer Area
Access Vector 	Available in VUPEN VNS Customer Area
Release Date 	2011-04-01
Share 	Twitter LinkedIn Facebook Delicious Digg Slashdot

Technical Description

A vulnerability has been identified in HP-UX, which could be exploited by attackers to cause a denial of service. This issue is caused by an error in XNTP. For additional information, see : VUPEN/ADV-2009-3441

Affected Products

HP-UX B.11.11
HP-UX B.11.23
HP-UX B.11.31

Solution 

HP-UX B.11.11 - Install patch PHNE_41907 or subsequent

HP-UX B.11.23 - Install patch PHNE_41908 or subsequent

HP-UX B.11.31 - Install patch PHNE_41177 or subsequent

References

http://www.vupen.com/english/advisories/2011/0839
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02737553

Credits 

Vulnerability reported by Harlan Stenn.

Changelog 

2011-04-01 : Initial release