[guru] HP security updates
DATE: Tue, 18 May 2010 00:20:14 +0200
HP-UX product family:
-------------------
The system can be DoSed because of an unspecified problem.
Fixes have been released for several known OpenSSL bugs (DoS bugs, and among
them the TLS renegotiation problem as well).
Further fixes have been issued for the sendmail STARTTLS bug, in which it did
not check certificates properly (NUL bug).
bind allowed forged NXDATA messages to be used even with DNSSEC.
HP OpenView product family:
-------------------------
Several stack buffer overflow bugs were found in one of the ActiveX controls
of HP Operations Manager for Windows.
Numerous remote code execution bugs were found in the HP OpenView Network Node
Manager (OV NNM) product: a format string bug in the ovet_demandpoll.exe
process, a stack buffer overflow in the netmon.exe daemon, a stack buffer
overflow in the snmpviewer.exe CGI, several stack buffer overflows in the
getnnmdata.exe CGI, and other bugs.
Other:
------
Several security bugs (XSS, DoS, code execution and invalid access) were
found in the Linux and Windows versions of HP System Management Homepage (SMH).
Several unspecified bugs leading to code execution were found in the Windows
version of HP Virtual Machine Manager (VMM).
Code execution and information leak problems were found in HP ProLiant
Support Pack 8.30 for Windows.
XSS, CSRF (Cross-Site Request Forgery) and unauthorized access possibilities
were found in the HP-UX, Linux and Windows versions of HP System Insight Manager.
The Windows version of the HP LoadRunner agent contains a code execution bug.
If the state parameter of mchan.dll receives the value 0 or 4, it runs the
given command with SYSTEM privileges.
The Windows version of the HP Performance Center agent contains a code
execution bug.
Code execution bug in the HP-UX, Linux and Windows versions of HP Systems
Insight Manager (SIM).
An XSS bug was found in the Windows version of HP Insight Control Server Migration.
Local users of HP MFP Digital Sending Software get access, without any check,
to the "Send to e-mail" function of the multifunction devices it manages.
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02091749
Version: 1
HPSBUX02518 SSRT100051 rev.1 - HP-UX, Local Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-04-19
Last Updated: 2010-04-16
Potential Security Impact: Local Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX. This vulnerability could be exploited locally to create a Denial of Service (DoS).
References: CVE-2010-1032
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11 only.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference       Base Vector                     Base Score
CVE-2010-1032   (AV:L/AC:M/Au:S/C:N/I:N/A:C)    4.4
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided a patch to resolve this vulnerability.
The patch is available from http://itrc.hp.com
HP-UX Release / Patch ID
B.11.11 / PHKL_40888
MANUAL ACTIONS: No
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
==================
OS-Core.CORE2-KRN
OS-Core.KERN2-RUN
action: install PHKL_40888 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) 19 April 2010 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvMru8ACgkQ4B86/C0qfVm0/gCfZ/IHt3kb9lh8klE37ZIokP43
Sk8AoOcbwqml7God7WCAQ4wPLaCnxF1t
=QrO9
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02079216
Version: 1
HPSBUX02517 SSRT100058 rev.2 - HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-04-19
Last Updated: 2010-04-19
- -------------------------------------------------------------------------------
Potential Security Impact: Remote unauthorized information disclosure, unauthorized data modification, Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX OpenSSL. These vulnerabilities could be exploited remotely for unauthorized information disclosure, unauthorized data modification, and to create a Denial of Service (DoS).
References: CVE-2009-3245, CVE-2009-3555, CVE-2009-4355, CVE-2010-0433, CVE-2010-0740.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08n.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference       Base Vector                     Base Score
CVE-2009-3245   (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2009-3555   (AV:N/AC:L/Au:N/C:N/I:P/A:P)    6.4
CVE-2009-4355   (AV:N/AC:L/Au:N/C:N/I:N/A:P)    5.0
CVE-2010-0433   (AV:N/AC:M/Au:N/C:N/I:N/A:P)    4.3
CVE-2010-0740   (AV:N/AC:L/Au:N/C:N/I:N/A:P)    5.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided upgrades to resolve these vulnerabilities.
The upgrades are available from the following location.
http://software.hp.com
HP-UX Release / Depot Name / SHA-1 digest
B.11.11 PA (32 and 64) / OpenSSL_A.00.09.08n.001_HP-UX_B.11.11_32_64.depot / 1D417CB27A06C6D7E9035C8D4FC683D78A599E7B
B.11.23 (PA and IA) / OpenSSL_A.00.09.08n.002_HP-UX_B.11.23_IA_PA.depot / F4EF4CF40B7B23B3C0CB850CEDED25279394BDCC
B.11.31 (PA and IA) / OpenSSL_A.00.09.08n.003_HP-UX_B.11.31_IA_PA.depot / EA3E9A0019BD9153DBC3AA73FC8D3C64F9682561
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08n or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: install revision A.00.09.08n.001 or subsequent
HP-UX B.11.23
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: install revision A.00.09.08n.002 or subsequent
HP-UX B.11.31
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: install revision A.00.09.08n.003 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) 13 April 2010 Initial release
Version:2 (rev.2) 19 April 2010 Revised location from which to download upgrades, SHA-1 digest.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvMznsACgkQ4B86/C0qfVl3/ACgmtRRWfNcbDRT3hGl9Ey4M7Bc
JLkAn1WfZg0roKU+Df88xAGJitfn0dNJ
=ctXn
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02078800
Version: 1
HPSBMA02491 SSRT100060 rev.1 - HP Operations Manager for Windows, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-04-19
Last Updated: 2010-04-19
Potential Security Impact: Remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Operations Manager for Windows. The vulnerability could be exploited remotely to allow execution of arbitrary code.
References: CVE-2010-1033
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Operations Manager for Windows v8.10, v8.16 with srcvw4.dll v4.0.1.1 and earlier
HP Operations Manager for Windows v7.5 with srcvw32.dll v2.23.28 and earlier
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference       Base Vector                     Base Score
CVE-2010-1033   (AV:N/AC:M/Au:N/C:P/I:P/A:P)    6.8
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks mr_me, a member of Corelan Team, for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has made a new version of srcvw4.dll available to resolve the vulnerability on Operations Manager for Windows v8.10 and v8.16.
HP has made a new version of srcvw32.dll available to resolve the vulnerability on Operations Manager for Windows v7.5.
Note: The appropriate new version, either srcvw4.dll or srcvw32.dll, must be installed on the Operations Manager for Windows management server and on all remote console systems.
For Operations Manager for Windows v8.10 and v8.16
Verify the version of srcvw4.dll currently installed
  - Right-click on %OvInstallDir%\bin\srcvw4.dll
  - Select Properties
  - Switch to details tab
  - Check File version
  - v4.0.1.1 and earlier are vulnerable
Install required patch
  The new version of srcvw4.dll (v4.0.1.2) requires OMW_00060, available here http://support.openview.hp.com/selfsolve/patches
Download the new version of srcvw4.dll
  The new version is in the file OMW60_srcvw4.dll, available using ftp:
  Host             Account   Password
  ftp.usa.hp.com   sb02491   Secure12
  Optionally verify the SHA-1 sum:
  b48f-27e1-15c4-a7ab-d64e-ff65-caf3-543a-dece-16bd OMW60_srcvw4.dll
Install the new version of srcvw4.dll
  1. Stop the Operations Manager for Windows console and its additional binaries, such as node editor.
  2. From a command prompt, backup %OvInstallDir%\bin\srcvw4.dll
  3. From a command prompt, copy OMW60_srcvw4.dll into %OvInstallDir%\bin\srcvw4.dll
  4. Verify that %OvInstallDir%\bin\srcvw4.dll is now v4.0.1.2
Note: Steps 2 and 3 above must be performed from the Windows command line, not from Windows Explorer.
For Operations Manager for Windows v7.5
Verify the version of srcvw32.dll currently installed
  - Right-click on %OvInstallDir%\bin\srcvw32.dll
  - Select Properties
  - Switch to details tab
  - Check File version
  - v2.23.28 and earlier are vulnerable
Install required patch
  The new version of srcvw32.dll (v2.23.29 HP) requires OVOW_00279, available here http://support.openview.hp.com/selfsolve/patches
Download the new version of srcvw32.dll
  The new version is in the file OVOW279_srcvw32.dll, available using ftp:
  Host             Account   Password
  ftp.usa.hp.com   sb02491   Secure12
  Optionally verify the SHA-1 sum:
  14e5-0530-2ec5-4b4a-3ceb-2e15-9491-6b6e-6ef6-6664 OVOW279_srcvw32.dll
Install the new version of srcvw32.dll
  1. Stop the Operations Manager for Windows console and its additional binaries, such as node editor.
  2. From a command prompt, backup %OvInstallDir%\bin\srcvw32.dll
  3. From a command prompt, copy OVOW279_srcvw32.dll into %OvInstallDir%\bin\srcvw32.dll
  4. Verify that %OvInstallDir%\bin\srcvw32.dll is now v2.23.29 HP
Note: Steps 2 and 3 above must be performed from the Windows command line, not from Windows Explorer.
PRODUCT SPECIFIC INFORMATION
None
HISTORY
Version:1 (rev.1) - 19 April 2010 Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvMWXcACgkQ4B86/C0qfVmlggCgzdS8Z18Skq1Q5AQRkgGF3Maf
9X0AoJPetBb8SbNjR2JRkSjcDe42S8CI
=kTbM
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02009860
Version: 2
HPSBUX02508 SSRT100007 rev.2 - HP-UX Running sendmail with STARTTLS Enabled, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-04-20
Last Updated: 2010-04-20
Potential Security Impact: Remote unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running sendmail and STARTTLS enabled. This vulnerability could allow a user to gain remote unauthorized access.
References: CVE-2009-4565
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23 and B.11.31 running sendmail 8.13.3 with STARTTLS enabled.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference       Base Vector                     Base Score
CVE-2009-4565   (AV:N/AC:L/Au:N/C:P/I:P/A:P)    7.5
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following upgrades to resolve the vulnerability.
The updates are available from http://software.hp.com.
HP-UX Release / Sendmail version / Action
B.11.11 / 8.13.3 / Upgrade to B.11.11.02.008 or subsequent
B.11.23 / 8.13.3 / Upgrade to B.11.23.1.007 or subsequent
B.11.31 / 8.13.3 / Upgrade to C.8.13.3.5 or subsequent
Note: Installations of HP-UX B.11.11 running sendmail 8.11.1 should upgrade to sendmail 8.13.3 or subsequent. This Sendmail 8.13.3 Special Release Upgrade is available for download from http://software.hp.com
Go to >> Internet ready and networking >> Sendmail 8.13.3 Special Release Upgrade
Note: To identify a system in a vulnerable configuration:
1. Log on to the HP-UX system
2. Run "telnet localhost 25"
3. Enter "ehlo xyz"
4. Search the output for "250-STARTTLS"
5. If "250-STARTTLS" is found, the system is in a vulnerable configuration
It is recommended that the update be applied even if the system is not currently in a vulnerable configuration. Applying the update will eliminate the possibility of introducing the vulnerability by a configuration change.
MANUAL ACTIONS: Yes - Update
B.11.11 - install SMAIL B.11.11.02.008 or subsequent
B.11.23 - install SMAIL B.11.23.1.007 or subsequent
B.11.31 - install SENDMAIL C.8.13.3.5 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
=============
SMAIL-UPGRADE.INETSVCS-SMAIL
action: install B.11.11.02.008 or subsequent
HP-UX B.11.23
=============
SMAIL-UPGRADE.INET-SMAIL
SMAIL-UPGRADE.INET2-SMAIL
action: install B.11.23.1.007 or subsequent
HP-UX B.11.31
=============
Sendmail.SENDMAIL-AUX
Sendmail.SENDMAIL-RUN
action: install C.8.13.3.5 or subsequent
END AFFECTED VERSIONS
HISTORY
Version: 1 (rev.1) - 24 March 2010 Initial release
Version: 2 (rev.2) - 20 April 2010 Updated revisions for download and download location.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvONX0ACgkQ4B86/C0qfVnPrACfW+SrdtpqWypGS5qZBfusIu4M
/GcAoJC7dkpGvbBvbOviNP01LTjT2gVC
=StCm
-----END PGP SIGNATURE-----
--- End Message ---
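The manual check from the sendmail bulletin above (connect to port 25, send EHLO, look for STARTTLS in the reply), written as a script. This is an added example, not part of the HP bulletin; the function names, host names and sample transcripts are constructed for illustration. It goes slightly beyond the bulletin's literal search: SMTP ends a multi-line reply with "250 " (space) instead of "250-", so a server that lists STARTTLS last is missed by a search for "250-STARTTLS" but caught here.

```python
import re
import smtplib

# One SMTP reply line: 3-digit code, "-" (more lines follow) or " " (last line), text.
_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def ehlo_extensions(transcript):
    """Return the upper-cased extension keywords of the first 250 reply.

    `transcript` is the saved text of a "telnet localhost 25" session.
    Lines that are not 250 reply lines (telnet chatter, the 220 banner,
    the typed command) are ignored. The first 250 line is the greeting,
    every following 250 line starts with one extension keyword.
    """
    keywords = []
    seen_greeting = False
    for raw in transcript.splitlines():
        match = _REPLY_LINE.match(raw.strip())
        if match is None or match.group(1) != "250":
            continue
        _, separator, text = match.groups()
        if seen_greeting:
            words = text.split()
            if words:
                keywords.append(words[0].upper())
        seen_greeting = True
        if separator == " ":  # a space after the code marks the final line
            break
    return keywords


def advertises_starttls(transcript):
    """True if the EHLO reply in the transcript offers STARTTLS."""
    return "STARTTLS" in ehlo_extensions(transcript)


def literal_search(transcript):
    """The bulletin's step 4 taken literally: search for the string 250-STARTTLS."""
    return "250-STARTTLS" in transcript


def probe_host(host="localhost", port=25, timeout=10.0):
    """Live version of steps 2 to 5, using the standard library SMTP client."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo("xyz")
        return smtp.has_extn("starttls")


# Constructed sample transcripts (not captured from a real system).
_GREETING = "250-hpux1.example.com Hello localhost [127.0.0.1], pleased to meet you"
SAMPLE_MIDDLE = "\r\n".join([
    "Trying 127.0.0.1...",
    "Connected to localhost.",
    "220 hpux1.example.com ESMTP Sendmail 8.13.3; Tue, 20 Apr 2010 10:00:00 +0200",
    "ehlo xyz",
    _GREETING,
    "250-ENHANCEDSTATUSCODES",
    "250-PIPELINING",
    "250-STARTTLS",
    "250-DELIVERBY",
    "250 HELP",
])
SAMPLE_LAST = "\r\n".join([
    "220 hpux2.example.com ESMTP Sendmail 8.13.3; Tue, 20 Apr 2010 10:00:00 +0200",
    _GREETING,
    "250-PIPELINING",
    "250-8BITMIME",
    "250 STARTTLS",
])
SAMPLE_NONE = "\r\n".join([
    "220 hpux3.example.com ESMTP Sendmail 8.13.3; Tue, 20 Apr 2010 10:00:00 +0200",
    _GREETING,
    "250-PIPELINING",
    "250 HELP",
])

if __name__ == "__main__":
    for name, sample in (("middle", SAMPLE_MIDDLE),
                         ("last", SAMPLE_LAST),
                         ("none", SAMPLE_NONE)):
        print(name, "literal:", literal_search(sample),
              "parsed:", advertises_starttls(sample))
```

As the bulletin says, a host that does not advertise STARTTLS today should still get the update, since a later configuration change can enable it.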
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02097674
Version: 1
HPSBUX02519 SSRT100004 rev.1 - HP-UX Running BIND, Remote Compromise of NXDOMAIN Responses
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-04-21
Last Updated: 2010-04-21
- ------------------------------------------------------------------------------
Potential Security Impact: Remote compromise of NXDOMAIN responses
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to compromise NXDOMAIN responses.
References: CVE-2010-0097
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23 and B.11.31 running BIND 9.3 prior to C.9.3.2.7.0
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference      Base Vector                   Base Score
CVE-2010-0097  (AV:N/AC:M/Au:N/C:N/I:P/A:N)  4.3
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided upgrades to resolve these vulnerabilities.
The upgrades are available from the following location.
http://software.hp.com
HP-UX Release / Depot Name
B.11.11 PA (32 and 64) / DNSUPGRADE_C.9.3.2.7.0_HP-UX_B.11.11_32_64.depot
B.11.23 (PA and IA) / DNSUPGRADE_C.9.3.2.7.0_HP-UX_B.11.23_IA_PA.depot
B.11.31 (PA and IA) / HPUX-NameServer_C.9.3.2.8.0_HP-UX_B.11.31_IA_PA.depot
MANUAL ACTIONS: Yes - Update
For HP-UX B.11.11 and B.11.23 install BIND C.9.3.2.7.0 or subsequent
For HP-UX B.11.31 install BIND C.9.3.2.8.0 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
==================
BindUpgrade.BIND-UPGRADE
action: install revision C.9.3.2.7.0 or subsequent
HP-UX B.11.23
==================
BindUpgrade.BIND-UPGRADE
BindUpgrade.BIND2-UPGRADE
action: install revision C.9.3.2.7.0 or subsequent
HP-UX B.11.31
==================
NameService.BIND-AUX
NameService.BIND-RUN
action: install revision C.9.3.2.8.0 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) 21 April 2010 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvPrwYACgkQ4B86/C0qfVlvpQCbBTPWu4JIQ8HSVFBhS3X1ByUA
FAcAn13/FCPOlVFhA18H2NqkEg5fVDBB
=IUrP
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02029444
Version: 1
HPSBMA02492 SSRT100079 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-04-20
Last Updated: 2010-04-20
Potential Security Impact: Remote cross site scripting (XSS), Denial of Service (DoS), execution of arbitrary code, unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) for Linux and Windows. These vulnerabilities could be exploited remotely to allow cross site scripting (XSS), Denial of Service (DoS), execution of arbitrary code, and unauthorized access.
References: CVE-2008-1468, CVE-2008-4226, CVE-2008-5557, CVE-2008-5814, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387, CVE-2010-1034
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP System Management Homepage for Windows all versions prior to 6.0
HP System Management Homepage for Linux (x86) all versions prior to 6.0
HP System Management Homepage for Linux (AMD64/EM64T) all versions prior to 6.0
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference      Base Vector                   Base Score
CVE-2008-1468  (AV:N/AC:M/Au:N/C:N/I:P/A:N)  4.3
CVE-2008-4226  (AV:N/AC:L/Au:N/C:C/I:C/A:C)  10.0
CVE-2008-5557  (AV:N/AC:L/Au:N/C:C/I:C/A:C)  10.0
CVE-2008-5814  (AV:N/AC:H/Au:N/C:N/I:P/A:N)  2.6
CVE-2009-1377  (AV:N/AC:L/Au:N/C:N/I:N/A:P)  5.0
CVE-2009-1378  (AV:N/AC:L/Au:N/C:N/I:N/A:P)  5.0
CVE-2009-1379  (AV:N/AC:L/Au:N/C:N/I:N/A:P)  5.0
CVE-2009-1386  (AV:N/AC:L/Au:N/C:N/I:N/A:P)  5.0
CVE-2009-1387  (AV:N/AC:L/Au:N/C:N/I:N/A:P)  5.0
CVE-2010-1034  (AV:N/AC:H/Au:S/C:P/I:P/A:P)  4.6
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following resolutions.
HP System Management Homepage for Windows v6.0.0.96 (or subsequent)
HP System Management Homepage for Linux (x86) v6.0.0-95 (or subsequent)
HP System Management Homepage for Linux (AMD64/EM64T) v6.0.0-95 (or subsequent)
Note:
HP System Management Homepage for Windows v6.0.0.96 contains Namazu v2.0.18 and PHP v5.2.9
HP System Management Homepage for Linux v6.0.0-95 contains Namazu v2.0.19 and PHP v5.2.9
Downloads are available from the following locations:
HP System Management Homepage v6.0.0.96 for Windows can be downloaded from
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=15351&prodSeriesId=1121486&prodNameId=3288144&swEnvOID=4064&swLang=8&mode=2&taskId=135&swItem=MTX-24b3c024ec034eee9a16c3cb3c
HP System Management Homepage for Linux (x86), v6.0.0-95 for Linux X86 OS can be downloaded from
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=15351&prodSeriesId=1121486&prodNameId=3288144&swEnvOID=4048&swLang=8&mode=2&taskId=135&swItem=MTX-07a54b93a826424faf044ba986
HP System Management Homepage for Linux (AMD64/EM64T), v6.0.0-95 for Linux 64-bit OS can be downloaded from
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=15351&prodSeriesId=1121486&prodNameId=3288144&swEnvOID=4049&swLang=8&mode=2&taskId=135&swItem=MTX-0ac5d5c51abe472da22373a2f5
Note: The updates can also be located with the following procedure:
1. Browse to http://h20000.www2.hp.com/bizsupport
2. Search for: HP System Management Homepage for Windows Version 6.0.0.96 or HP System Management Homepage for Linux Version 6.0.0-95
PRODUCT SPECIFIC INFORMATION
None
HISTORY
Version:1 (rev.1) - 20 April 2010 Initial Release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvNwl8ACgkQ4B86/C0qfVksggCeO4bBV9JZUa3asj93QIm6h+vx
Jw4An0cWEO4jwId62IHvBI7d4vQBeOtj
=h80D
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02031621
Version: 1
HPSBMA02494 SSRT090168 rev.1 - HP Virtual Machine Manager (VMM) for Windows, Remote Unauthorized Access, Privilege Elevation
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-04-21
Last Updated: 2010-04-21
Potential Security Impact: Remote unauthorized access, privilege elevation
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Virtual Machine Manager (VMM) for Windows. The vulnerabilities could be exploited remotely to gain unauthorized access or to elevate privileges.
References: CVE-2010-1035
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Virtual Machine Manager for Windows for all versions prior to v6.0
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference      Base Vector                   Base Score
CVE-2010-1035  (AV:N/AC:L/Au:S/C:C/I:C/A:C)  9.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made updates available to resolve the vulnerabilities. The updates are available from http://h18000.www1.hp.com/products/servers/management/fpdownload.html
HP Virtual Machine Manager for Windows v6.0 or subsequent
PRODUCT SPECIFIC INFORMATION
None
HISTORY
Version:1 (rev.1) - 21 April 2010 Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvPD2oACgkQ4B86/C0qfVl8oACdH7DkDdZ9pghB3Mioe1ZbRVm3
5XwAoOPggJd+TPP/OfOuRG40xXk5spWy
=9lKF
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02009860
Version: 2
HPSBUX02508 SSRT100007 rev.2 - HP-UX Running sendmail with STARTTLS Enabled, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-04-20
Last Updated: 2010-04-20
Potential Security Impact: Remote unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running sendmail and STARTTLS enabled. This vulnerability could allow a user to gain remote unauthorized access.
References: CVE-2009-4565
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23 and B.11.31 running sendmail 8.13.3 with STARTTLS enabled.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference      Base Vector                   Base Score
CVE-2009-4565  (AV:N/AC:L/Au:N/C:P/I:P/A:P)  7.5
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following upgrades to resolve the vulnerability.
The updates are available from http://software.hp.com.
HP-UX Release / Sendmail version / Action
B.11.11 / 8.13.3 / Upgrade to B.11.11.02.008 or subsequent
B.11.23 / 8.13.3 / Upgrade to B.11.23.1.007 or subsequent
B.11.31 / 8.13.3 / Upgrade to C.8.13.3.5 or subsequent
Note: Installations of HP-UX B.11.11 running sendmail 8.11.1 should upgrade to sendmail 8.13.3 or subsequent. This Sendmail 8.13.3 Special Release Upgrade is available for download from http://software.hp.com
Go to >> Internet ready and networking >> Sendmail 8.13.3 Special Release Upgrade
Note: To identify a system in a vulnerable configuration:
1. Log on to the HP-UX system
2. Run "telnet localhost 25".
3. Enter "ehlo xyz".
4. Search the output for "250-STARTTLS".
5. If "250-STARTTLS" is found, the system is in a vulnerable configuration
It is recommended that the update be applied even if the system is not currently in a vulnerable configuration. Applying the update will eliminate the possibility of introducing the vulnerability by a configuration change.
MANUAL ACTIONS: Yes - Update
B.11.11 - install SMAIL B.11.11.02.008 or subsequent
B.11.23 - install SMAIL B.11.23.1.007 or subsequent
B.11.31 - install SENDMAIL C.8.13.3.5 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
=============
SMAIL-UPGRADE.INETSVCS-SMAIL
action: install B.11.11.02.008 or subsequent
HP-UX B.11.23
=============
SMAIL-UPGRADE.INET-SMAIL
SMAIL-UPGRADE.INET2-SMAIL
action: install B.11.23.1.007 or subsequent
HP-UX B.11.31
=============
Sendmail.SENDMAIL-AUX
Sendmail.SENDMAIL-RUN
action: install C.8.13.3.5 or subsequent
END AFFECTED VERSIONS
HISTORY
Version: 1 (rev.1) - 24 March 2010 Initial release
Version: 2 (rev.2) - 20 April 2010 Updated revisions for download and download location.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvONX0ACgkQ4B86/C0qfVnPrACfW+SrdtpqWypGS5qZBfusIu4M
/GcAoJC7dkpGvbBvbOviNP01LTjT2gVC
=StCm
-----END PGP SIGNATURE-----
--- End Message ---
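The STARTTLS check from the HPSBUX02508 bulletin above (connect to port 25, send EHLO, look for 250-STARTTLS), automated as an added example that is not part of the bulletin or of HP's tooling. It parses the multi-line EHLO reply instead of searching for a fixed string, so STARTTLS is also detected when it is the last keyword and is sent as "250 STARTTLS"; the sample transcripts and host names are constructed.

```python
import io
import socket

# Constructed sample transcripts: banner, EHLO reply, reply to QUIT.
SAMPLE_TLS_MID = (b"220 mail.example.test ESMTP Sendmail\r\n"
                  b"250-mail.example.test Hello localhost\r\n"
                  b"250-STARTTLS\r\n"
                  b"250 HELP\r\n"
                  b"221 closing connection\r\n")
SAMPLE_TLS_LAST = (b"220 mail.example.test ESMTP Sendmail\r\n"
                   b"250-mail.example.test Hello localhost\r\n"
                   b"250-8BITMIME\r\n"
                   b"250 STARTTLS\r\n"          # final line uses a space, not "-"
                   b"221 closing connection\r\n")
SAMPLE_NO_TLS = (b"220 mail.example.test ESMTP Sendmail\r\n"
                 b"250-mail.example.test Hello localhost\r\n"
                 b"250-8BITMIME\r\n"
                 b"250 HELP\r\n"
                 b"221 closing connection\r\n")


def read_reply(rfile):
    """Read one SMTP reply (possibly multi-line); return (code, [text lines])."""
    texts = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("connection closed in the middle of a reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError(f"malformed SMTP reply line: {line!r}")
        texts.append(line[4:])
        # "250-..." announces more lines; "250 ..." (or a bare code) ends the reply.
        if line[3:4] != "-":
            return int(line[:3]), texts


def ehlo_keywords(texts):
    """Extension keywords of an EHLO reply; the first line is only the greeting."""
    return {t.split()[0].upper() for t in texts[1:] if t.strip()}


def starttls_offered(rfile, wfile, helo_name="xyz"):
    """Run the bulletin's check over an already connected stream pair."""
    code, _ = read_reply(rfile)                  # server banner
    if code != 220:
        raise RuntimeError(f"unexpected banner code {code}")
    wfile.write(f"EHLO {helo_name}\r\n".encode("ascii"))
    wfile.flush()
    code, texts = read_reply(rfile)
    offered = code == 250 and "STARTTLS" in ehlo_keywords(texts)
    wfile.write(b"QUIT\r\n")                     # end the session politely
    wfile.flush()
    return offered


def naive_grep(transcript):
    """The literal string search from the bulletin, kept for comparison."""
    return b"250-STARTTLS" in transcript


def check_host(host="localhost", port=25, timeout=10.0):
    """Same check against a live mail server (run it on the host being audited)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("rb") as rfile, sock.makefile("wb") as wfile:
            return starttls_offered(rfile, wfile)


if __name__ == "__main__":
    for name, sample in (("STARTTLS mid-list", SAMPLE_TLS_MID),
                         ("STARTTLS last", SAMPLE_TLS_LAST),
                         ("no STARTTLS", SAMPLE_NO_TLS)):
        parsed = starttls_offered(io.BytesIO(sample), io.BytesIO())
        print(f"{name}: parsed={parsed} grep={naive_grep(sample)}")
```

A True result only means the configuration matches the bulletin's "vulnerable configuration" test; whether the installed sendmail revision is fixed still has to be checked against the versions listed in the bulletin.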
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01997644
Version: 2
HPSBMA02488 SSRT100013 rev.2 - HP ProLiant Support Pack 8.30 for Windows, Remote Code Execution, Information Disclosure
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-02-10
Last Updated: 2010-04-26
Potential Security Impact: Remote code execution, information disclosure
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP ProLiant Support Pack 8.30 for Windows. The vulnerabilities could be exploited remotely to execute code and to gain unauthorized access to information.
References: CVE-2009-0901, CVE-2009-2493, CVE-2009-2495, MS09-035
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP ProLiant Support Pack 8.30 for Windows.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference      Base Vector                   Base Score
CVE-2009-0901  (AV:N/AC:M/Au:N/C:C/I:C/A:C)  9.3
CVE-2009-2493  (AV:N/AC:M/Au:N/C:C/I:C/A:C)  9.3
CVE-2009-2495  (AV:N/AC:L/Au:N/C:C/I:N/A:N)  7.8
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
The following components on the HP ProLiant Support Pack 8.30 for Windows install versions of Microsoft Visual C++ that require security updates.
HP Network Configuration Utility for Windows Server 2003 x64 Editions
HP Network Configuration Utility for Windows Server 2003
HP Network Configuration Utility for Windows Server 2008 x64 Editions
HP Network Configuration Utility for Windows Server 2008
HP Network Configuration Utility for Windows Server 2008 R2
HP Insight Management Agents for Windows Server 2003/2008 x64 Editions
HP Insight Management Agents for Windows Server 2003/2008
HP Insight Management WBEM Providers for Windows Server 2003/2008 x64 Editions
HP Insight Management WBEM Providers for Windows Server 2003/2008
To resolve the vulnerabilities (recommended method):
The vulnerabilities can be resolved by installing the components from the HP ProLiant Support Pack 8.40 for Windows.
To resolve the vulnerabilities (alternative method):
If the HP ProLiant Support Pack 8.40 for Windows is not available the following procedure can be used to resolve the vulnerabilities.
After installing any of the vulnerable components from the HP ProLiant Support Pack 8.30 for Windows, install the updates recommended in the following Microsoft documents.
Microsoft Security Bulletin MS09-035
http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx
Description of the security update for the Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (for previously installed versions): July 28, 2009
http://support.microsoft.com/kb/973923
Description of the security update for the Microsoft Visual C++ 2008 Redistributable Package (for previously installed versions): July 28, 2009
http://support.microsoft.com/kb/973924
PRODUCT SPECIFIC INFORMATION
None
HISTORY
Version:1 (rev.1) - 10 February 2010 Initial release
Version:2 (rev.2) - 26 April 2010 Added list of vulnerable components
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvVmQoACgkQ4B86/C0qfVloDwCg/noMKhHmI7BPcmK49qOz7a1Y
Aa8Anii5mPH6AQZnTYNSKTCMyfvBUCXn
=YUIs
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02027185
Version: 1
HPSBMA02525 SSRT100083 rev.1 - HP System Insight Manager Running on HP-UX, Linux, and Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Privilege Elevation
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-04-27
Last Updated: 2010-04-27
Potential Security Impact: Remote cross site scripting (XSS), cross site request forgery (CSRF), privilege elevation
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Systems Insight Manager running on HP-UX, Linux, and Windows. The vulnerabilities could be exploited remotely to allow cross site scripting (XSS), cross site request forgery (CSRF), and privilege elevation.
References: CVE-2008-1468, CVE-2010-1036 (XSS), CVE-2010-1037 (CSRF), CVE-2010-1038 (privilege escalation)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP System Insight Manager running on HP-UX, Linux, and Windows for all versions prior to v6.0
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference       Base Vector                    Base Score
CVE-2008-1468   (AV:N/AC:M/Au:N/C:N/I:P/A:N)   4.3
CVE-2010-1036   (AV:N/AC:M/Au:N/C:P/I:P/A:P)   6.8
CVE-2010-1037   (AV:N/AC:M/Au:N/C:P/I:P/A:P)   6.8
CVE-2010-1038   (AV:N/AC:L/Au:S/C:P/I:P/A:N)   5.5
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following update to resolve the vulnerabilities.
HP System Insight Manager version 6.0 or subsequent for HP-UX, Linux, and Windows
Note:
HP System Insight Manager version 6.0 for HP-UX contains Namazu v2.0.19
HP System Insight Manager version 6.0 for Linux contains Namazu v2.0.19
HP System Insight Manager version 6.0 for Windows contains Namazu v2.0.18
The update can be downloaded from http://h18000.www1.hp.com/products/servers/management/hpsim/index.html
MANUAL ACTIONS: Yes - Update
Update to HP System Insight Manager v6.0 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS (for HP-UX)
HP-UX B.11.23
HP-UX B.11.31
=============
SysMgmtAgent.MX-AGENT
SysMgmtDB.SMPGSQL-LIB
SysMgmtDB.SMPGSQL-RUN
SysMgmtDB.SMPGSQL-SHA
SysMgmtServer.MX-CMS
SysMgmtServer.MX-CORE
SysMgmtServer.MX-CORE-ARCH
SysMgmtServer.MX-JBOSS
SysMgmtServer.MX-JRE
SysMgmtServer.MX-PORTAL
SysMgmtServer.MX-REPO
SysMgmtServer.MX-TOOLS
action: install revision C.06.00.00.00
URL: http://h18000.www1.hp.com/products/servers/management/hpsim/index.html
END AFFECTED VERSIONS (for HP-UX)
HISTORY
Version:1 (rev.1) - 27 April 2010 Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvW+kMACgkQ4B86/C0qfVkedQCg/JDde4pDaw82g8CQUfMRL9w7
mK4AoL+UumuSLupY8qoU/S/z+4XyoIPI
=w0Cl
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01950877
Version: 3
HPSBMA02483 SSRT090257 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-12-09
Last Updated: 2010-05-04
Potential Security Impact: Remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code.
References: CVE-2009-0898 (SSRT090101)
CVE-2009-3845 (SSRT090037, ZDI-CAN-453)
CVE-2009-3846 (SSRT090122, ZDI-CAN-526)
CVE-2009-3847 (SSRT090128, ZDI-CAN-532)
CVE-2009-3848 (SSRT090129, ZDI-CAN-522)
CVE-2009-3849 (SSRT090130, ZDI-CAN-523)
CVE-2009-4176 (SSRT090131, ZDI-CAN-532)
CVE-2009-4177 (SSRT090132, ZDI-CAN-538)
CVE-2009-4178 (SSRT090133, ZDI-CAN-539)
CVE-2009-4179 (SSRT090134, ZDI-CAN-540)
CVE-2009-4180 (SSRT090135, ZDI-CAN-542)
CVE-2009-4181 (SSRT090164, ZDI-CAN-549)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, Solaris, and Windows
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference       Base Vector                    Base Score
CVE-2009-0898   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2009-3845   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2009-3846   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2009-3847   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2009-3848   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2009-3849   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2009-4176   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2009-4177   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2009-4178   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2009-4179   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2009-4180   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2009-4181   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
SSRT090101
The Hewlett-Packard Company thanks Takehiro Takahashi, IBM X-Force for reporting this vulnerability to security-alert@hp.com.
SSRT090037, SSRT090128, SSRT090129, SSRT090130
The Hewlett-Packard Company thanks an anonymous researcher working with the TippingPoint Zero Day Initiative for reporting these vulnerabilities to security-alert@hp.com.
SSRT090122, SSRT090131, SSRT090132, SSRT090133, SSRT090134, SSRT090135, SSRT090164
The Hewlett-Packard Company thanks Aaron Portnoy of TippingPoint DVLabs for reporting these vulnerabilities to security-alert@hp.com.
RESOLUTION
HP has made patches available to resolve the vulnerabilities for NNM v7.53.
The patches are available from http://support.openview.hp.com/selfsolve/patches
OV NNM v7.53
Operating System          Patch
HP-UX (IA)                PHSS_40375 or subsequent
HP-UX (PA)                PHSS_40374 or subsequent
Linux RedHatAS2.1         LXOV_00101 or subsequent
Linux RedHat4AS-x86_64    LXOV_00102 or subsequent
Solaris                   PSOV_03525 or subsequent
Windows                   NNM_01201 or subsequent
OV NNM v7.51
Upgrade to NNM v7.53 and apply the NNM v7.53 resolution listed above.
Patch bundles for upgrading from NNM v7.51 to NNM v7.53 are available using ftp:
Host              Account    Password
ftp.usa.hp.com    nnm_753    Update53
OV NNM v7.01 (IA)
Upgrade to NNM v7.53 and apply the NNM v7.53 resolution listed above.
OV NNM v7.01 (PA)
HP has made patches available to resolve the vulnerabilities for NNM v7.01 (PA).
The patches are available from http://support.openview.hp.com/selfsolve/patches
Operating_System    Patch
HP-UX (PA)          PHSS_40705 or subsequent
Solaris             PSOV_03526 or subsequent
Windows             NNM_01202 or subsequent
MANUAL ACTIONS: Yes - NonUpdate
NNM v7.51 - Upgrade to v7.53 and apply the appropriate patches.
NNM v7.01 (IA) - Upgrade to v7.53 and apply the appropriate patches.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS (for HP-UX)
For HP-UX OV NNM 7.51 and 7.53
HP-UX B.11.31
HP-UX B.11.23 (IA)
HP-UX B.11.23 (PA)
HP-UX B.11.11
=============
OVNNMgr.OVNNM-RUN,fr=B.07.50.00
action: install the patches listed in the Resolution
For HP-UX OV NNM 7.01 (IA)
HP-UX B.11.11
=============
OVNNMgr.OVNNM-RUN,fr=B.07.01.00
action: upgrade to v7.53 and apply the appropriate patches
For HP-UX OV NNM 7.01 (PA)
HP-UX B.11.11
=============
OVNNMgr.OVNNM-RUN,fr=B.07.01.00
action: install the patches listed in the Resolution
END AFFECTED VERSIONS (for HP-UX)
HISTORY
Version:1 (rev.1) - 9 December 2009 Initial release
Version:2 (rev.2) - 11 December 2009 Corrected References section, CVE-2009-0898 (SSRT090101), ..., CVE-2009-3847 (SSRT090128)
Version:3 (rev.3) - 4 May 2010 Added NNM v7.01(IA), patches for NNM v7.01(PA)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvgJmwACgkQ4B86/C0qfVnxyQCgiIHDR+BVjCax2IHJIEQXRjB7
kI4AnRk3Qq1rXv+5W0kpJhV0nOnKlUVi
=d8lC
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01696729
Version: 5
HPSBMA02416 SSRT090008 rev.5 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-03-23
Last Updated: 2010-05-04
Potential Security Impact: Remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to execute arbitrary code.
References: CVE-2009-0920, CVE-2009-0921
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, Solaris, and Windows
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference       Base Vector                    Base Score
CVE-2009-0920   (AV:N/AC:L/Au:N/C:P/I:P/A:N)   6.4
CVE-2009-0921   (AV:N/AC:L/Au:N/C:P/I:P/A:N)   6.4
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks Oren Isacson of Core Security Technologies for reporting these vulnerabilities to security-alert@hp.com.
RESOLUTION
HP has made patches available to resolve the vulnerabilities for NNM v7.53.
The patches are available from http://support.openview.hp.com/selfsolve/patches
OV NNM v7.53
Operating System          Patch
HP-UX (IA)                PHSS_39640 or subsequent
HP-UX (PA)                PHSS_39639 or subsequent
Linux RedHatAS2.1         LXOV_00095 or subsequent
Linux RedHat4AS-x86_64    LXOV_00096 or subsequent
Solaris                   PSOV_03520 or subsequent
Windows                   NNM_01198 or subsequent
OV NNM v7.51
Upgrade to NNM v7.53 and apply the NNM v7.53 resolution listed above.
Patch bundles for upgrading from NNM v7.51 to NNM v7.53 are available using ftp:
Host              Account    Password
ftp.usa.hp.com    nnm_753    Update53
OV NNM v7.01 (IA)
Upgrade to NNM v7.53 and apply the NNM v7.53 resolution listed above.
OV NNM v7.01 (PA)
HP has made patches available to resolve the vulnerabilities for NNM v7.01 (PA).
The patches are available from http://support.openview.hp.com/selfsolve/patches
Operating_System    Patch
HP-UX (PA)          PHSS_40705 or subsequent
Solaris             PSOV_03526 or subsequent
Windows             NNM_01202 or subsequent
MANUAL ACTIONS: Yes - NonUpdate
NNM v7.51 - Upgrade to v7.53 and apply the appropriate patches.
NNM v7.01 (IA) - Upgrade to v7.53 and apply the appropriate patches.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS (for HP-UX)
For HP-UX OV NNM 7.51 and 7.53
HP-UX B.11.31
HP-UX B.11.23 (IA)
HP-UX B.11.23 (PA)
HP-UX B.11.11
=============
OVNNMgr.OVNNM-RUN,fr=B.07.50.00
action: install the patches listed in the Resolution
For HP-UX OV NNM 7.01 (IA)
HP-UX B.11.11
=============
OVNNMgr.OVNNM-RUN,fr=B.07.01.00
action: upgrade to v7.53 and apply the appropriate patches
For HP-UX OV NNM 7.01 (PA)
HP-UX B.11.11
=============
OVNNMgr.OVNNM-RUN,fr=B.07.01.00
action: install the patches listed in the Resolution
END AFFECTED VERSIONS (for HP-UX)
HISTORY
Version:1 (rev.1) - 23 March 2009 Initial release
Version:2 (rev.2) - 31 March 2009 Archive available for NNM v7.53 with Intermediate Patch 22
Version:3 (rev.3) - 6 April 2009 Archive rev.1 available for NNM v7.53 with Intermediate Patch 22
Version:4 (rev.4) - 15 December 2009 Patches available for NNM v7.53, archive files on ftp.usa.hp.com
Version:5 (rev.5) - 4 May 2010 Added NNM v7.01(IA), patches for NNM v7.01(PA)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvgKxsACgkQ4B86/C0qfVmLmwCdHMnc1ZzWTGS5FNhMKCwJZIfI
JYEAn0O4cs63uYBGrtuAQA4uPJS9JovY
=Q4LS
-----END PGP SIGNATURE-----
--- End Message ---
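The CVSS 2.0 base vectors and base scores tabulated in the bulletins above can be recomputed from the vector alone, which catches a mistyped score or vector before the table is used for patch prioritisation. The Python below is an added example and not part of the HP bulletins: the weights and equation are those of the CVSS v2.0 specification, the function names are this example's own, and the sample rows are copied from the tables above except the last, which is constructed with a deliberately wrong score.

```python
import re

# Base-metric weights from the CVSS v2.0 specification.
WEIGHTS = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
    "C": {"N": 0.0, "P": 0.275, "C": 0.660},
    "I": {"N": 0.0, "P": 0.275, "C": 0.660},
    "A": {"N": 0.0, "P": 0.275, "C": 0.660},
}
ORDER = ("AV", "AC", "Au", "C", "I", "A")

# One table row: "CVE-id (vector) score"; header and rule lines do not match.
ROW = re.compile(r"^(CVE-\d{4}-\d{4,})\s+\(([^)]+)\)\s+(\d{1,2}\.\d)\s*$")

# Rows copied from the bulletins' CVSS tables. The final row is constructed
# for this example (placeholder CVE id, wrong score) to show a mismatch.
SAMPLE_ROWS = """\
Reference Base Vector Base Score
CVE-2008-1468 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2010-1036 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2010-1038 (AV:N/AC:L/Au:S/C:P/I:P/A:N) 5.5
CVE-2009-0898 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2009-0920 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4
CVE-0000-0000 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 7.5
""".splitlines()


def parse_vector(vector):
    """Map each base metric to its weight; reject missing, repeated,
    reordered or unknown metrics so a truncated vector is never scored."""
    fields = [part.partition(":") for part in vector.strip().split("/")]
    names = tuple(name for name, _, _ in fields)
    if names != ORDER:
        raise ValueError(f"expected metrics {'/'.join(ORDER)}, got {vector!r}")
    weights = {}
    for name, _, value in fields:
        if value not in WEIGHTS[name]:
            raise ValueError(f"bad value {value!r} for {name} in {vector!r}")
        weights[name] = WEIGHTS[name][value]
    return weights


def base_score(vector):
    """CVSS v2.0 base score for a vector such as AV:N/AC:L/Au:N/C:P/I:P/A:N."""
    w = parse_vector(vector)
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    if impact == 0:
        return 0.0  # f(Impact) is 0 when there is no C/I/A impact
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * 1.176, 1)


def severity(score):
    """NVD severity bands for CVSS v2 scores."""
    if score < 4.0:
        return "Low"
    return "Medium" if score < 7.0 else "High"


def check_table(lines):
    """Recompute every row of a bulletin CVSS table and flag disagreements."""
    results = []
    for line in lines:
        match = ROW.match(line.strip())
        if not match:
            continue  # header, rule line or unrelated text
        cve, vector, listed = match.group(1), match.group(2), float(match.group(3))
        try:
            computed = base_score(vector)
        except ValueError:
            computed = None  # malformed vector: always reported as not ok
        results.append({
            "cve": cve,
            "vector": vector,
            "listed": listed,
            "computed": computed,
            "severity": severity(computed) if computed is not None else None,
            "ok": computed == listed,
        })
    return results


if __name__ == "__main__":
    for row in sorted(check_table(SAMPLE_ROWS),
                      key=lambda r: r["computed"] or 0, reverse=True):
        flag = "" if row["ok"] else "  <-- listed score does not match vector"
        print(f'{row["cve"]}  listed={row["listed"]:<4}  '
              f'computed={row["computed"]}  {row["severity"]}{flag}')
```
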
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01646081
Version: 4
HPSBMA02400 SSRT080144 rev.4 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-01-20
Last Updated: 2010-05-04
Potential Security Impact: Remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to allow execution of arbitrary code.
References: CVE-2008-0067
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, Solaris, and Windows
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference       Base Vector                    Base Score
CVE-2008-0067   (AV:N/AC:L/Au:N/C:P/I:P/A:N)   6.4
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks JJ Reyes, Secunia Research for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has made patches available to resolve the vulnerabilities for NNM v7.53.
The patches are available from http://support.openview.hp.com/selfsolve/patches
OV NNM v7.53
Operating System          Required Patch
HP-UX (IA)                PHSS_39246 or subsequent
HP-UX (PA)                PHSS_39245 or subsequent
Linux RedHatAS2.1         LXOV_00093 or subsequent
Linux RedHat4AS-x86_64    LXOV_00094 or subsequent
Solaris                   PSOV_03519 or subsequent
Windows                   NNM_01197 or subsequent
OV NNM v7.51
Upgrade to NNM v7.53 and apply the NNM v7.53 resolution listed above.
Patch bundles for upgrading from NNM v7.51 to NNM v7.53 are available using ftp:
Host              Account    Password
ftp.usa.hp.com    nnm_753    Update53
OV NNM v7.01 (IA)
Upgrade to NNM v7.53 and apply the NNM v7.53 resolution listed above.
OV NNM v7.01 (PA)
HP has made patches available to resolve the vulnerabilities for NNM v7.01 (PA).
The patches are available from http://support.openview.hp.com/selfsolve/patches
Operating_System    Patch
HP-UX (PA)          PHSS_40705 or subsequent
Solaris             PSOV_03526 or subsequent
Windows             NNM_01202 or subsequent
MANUAL ACTIONS: Yes - NonUpdate
NNM v7.51 - Upgrade to v7.53 and apply the appropriate patches.
NNM v7.01 (IA) - Upgrade to v7.53 and apply the appropriate patches.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS (for HP-UX)
For HP-UX OV NNM 7.51 and 7.53
HP-UX B.11.31
HP-UX B.11.23 (IA)
HP-UX B.11.23 (PA)
HP-UX B.11.11
=============
OVNNMgr.OVNNM-RUN,fr=B.07.50.00
action: install the patches listed in the Resolution
For HP-UX OV NNM 7.01 (IA)
HP-UX B.11.11
=============
OVNNMgr.OVNNM-RUN,fr=B.07.01.00
action: upgrade to v7.53 and apply the appropriate patches
For HP-UX OV NNM 7.01 (PA)
HP-UX B.11.11
=============
OVNNMgr.OVNNM-RUN,fr=B.07.01.00
action: install the patches listed in the Resolution
END AFFECTED VERSIONS (for HP-UX)
HISTORY
Version:1 (rev.1) - 20 January 2009 Initial release
Version:2 (rev.2) - 29 April 2009 Added NNM v7.01 hotfix
Version:3 (rev.3) - 10 December 2009 NNM v7.01 hotfix moved to ftp.usa.hp.com
Version:4 (rev.4) - 4 May 2010 Added NNM v7.01(IA), patches for NNM v7.01(PA)
Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvgLTcACgkQ4B86/C0qfVnMEACg+gFus30JQDtgcj+LvkUr31di
QVEAoNLeEK1TbKrqir/elq963O2wgwth
=h8Ks
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00912968
Version: 1
HPSBMA02201 SSRT071328 rev.1 - HP LoadRunner Agent on Windows, Remote Unauthenticated Arbitrary Code Execution
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-05-05
Last Updated: 2010-05-05
Potential Security Impact: Remote unauthenticated arbitrary code execution
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with the HP LoadRunner Agent running on Windows. The vulnerability could be exploited by a remote unauthenticated user to execute arbitrary code.
References: ZDI-CAN-177, CVE-2010-1549
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP LoadRunner Agent running on Windows, supplied with LoadRunner prior to v9.50
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                     Base Score
CVE-2010-1549    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
Acknowledgement: The Hewlett-Packard Company thanks Tenable Network Security along with TippingPoint's Zero Day Initiative for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
The vulnerability can be resolved by enabling the Secure Channel feature. This resolution requires installation of LoadRunner v9.50 or subsequent.
Note: Starting with version 9.50 LoadRunner has provided a documented feature called Secure Channel. Secure Channel prevents non-trusted sources from transmitting code to the Load Generators by establishing an encrypted and secured communication channel. Secure Channel is disabled by default.
There are detailed instructions regarding Secure Channel in the HP LoadRunner Controller User's Guide. See the chapter 'Secure Host Communication'. The chapter sections 'Local Security Configuration' and 'Remote Security Configuration' have instructions to enforce secure communication using the Secure Channel feature. Using Secure Channel involves both enabling the Secure Channel feature and setting the security key.
PRODUCT SPECIFIC INFORMATION
None
HISTORY:
Version: 1 (rev.1) - 5 May 2010 Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvhiXEACgkQ4B86/C0qfVn76gCg2J9vEFjKUEvVD+XjIijUC7ZA
PkoAn1C32Dv2yF25fzW5f37FZr2xGMo3
=1gzO
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02153865
Version: 1
HPSBMA02528 SSRT100106 rev.1 - HP Performance Center Agent on Windows, Remote Unauthenticated Arbitrary Code Execution
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-05-10
Last Updated: 2010-05-10
Potential Security Impact: Remote unauthenticated arbitrary code execution
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with the HP Performance Center Agent running on Windows. The vulnerability could be exploited by a remote unauthenticated user to execute arbitrary code.
References: ZDI-CAN-177, CVE-2010-1549
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Performance Center Agent running on Windows, supplied with HP Performance Center prior to v9.50
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                     Base Score
CVE-2010-1549    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
Acknowledgment: The Hewlett-Packard Company thanks Tenable Network Security along with TippingPoint's Zero Day Initiative for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
The vulnerability can be resolved by enabling the Secure Channel feature. This resolution requires installation of HP Performance Center v9.50 or subsequent.
Note: Starting with version 9.50 HP Performance Center has provided a documented feature called Secure Communication. Secure Communication prevents non-trusted sources from transmitting code to the Load Generators by establishing an encrypted and secured communication channel. Secure Communication is disabled by default.
There are detailed instructions regarding Secure Communication in the HP Performance Center System Configuration and Installation Guide. See the 'Configuration' chapter, 'Recommended Configuration' section. The chapter section 'Configuring Host Security Settings.' has instructions to enforce Secure Communication. Using Secure Communication involves both enabling 'enforce secure communication' and setting the security key.
PRODUCT SPECIFIC INFORMATION
None
HISTORY:
Version: 1 (rev.1) - 10 May 2010 Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvoNeQACgkQ4B86/C0qfVkQKACfaDlfErcX4sMc+4Nu9f05iIMB
w9UAoKChWKRSE7e7HZhk8WIa7mI7xYRm
=mWB5
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02153379
Version: 1
HPSBMA02527 SSRT010098 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-05-11
Last Updated: 2010-05-11
Potential Security Impact: Remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code.
References: CVE-2010-1550 (SSRT090225, ZDI-CAN-563)
CVE-2010-1551 (SSRT090226, ZDI-CAN-564)
CVE-2010-1552 (SSRT090227, ZDI-CAN-566)
CVE-2010-1553 (SSRT090228, ZDI-CAN-573)
CVE-2010-1554 (SSRT090229, ZDI-CAN-574)
CVE-2010-1555 (SSRT090230, ZDI-CAN-575)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, Solaris, and Windows
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                     Base Score
CVE-2010-1550    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2010-1551    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2010-1552    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2010-1553    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2010-1554    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2010-1555    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks an anonymous researcher working with the TippingPoint Zero Day Initiative for reporting these vulnerabilities to security-alert@hp.com.
RESOLUTION
HP has made patches available to resolve the vulnerabilities for NNM v7.53.
The patches are available from http://support.openview.hp.com/selfsolve/patches
OV NNM v7.53

Operating System          Patch
HP-UX (IA)                PHSS_40708 or subsequent
HP-UX (PA)                PHSS_40707 or subsequent
Linux RedHatAS2.1         LXOV_00103 or subsequent
Linux RedHat4AS-x86_64    LXOV_00104 or subsequent
Solaris                   PSOV_03527 or subsequent
Windows                   NNM_01203 or subsequent

OV NNM v7.51
Upgrade to NNM v7.53 and apply the NNM v7.53 resolution listed above.
Patch bundles for upgrading from NNM v7.51 to NNM v7.53 are available using ftp:
Host              Account    Password
ftp.usa.hp.com    nnm_753    Update53

OV NNM v7.01 (IA)
Upgrade to NNM v7.53 and apply the NNM v7.53 resolution listed above.
OV NNM v7.01 (PA)
HP has made patches available to resolve the vulnerabilities for NNM v7.01 (PA).
The patches are available from http://support.openview.hp.com/selfsolve/patches
Operating System    Patch
HP-UX (PA)          PHSS_40705 or subsequent
Solaris             PSOV_03526 or subsequent
Windows             NNM_01202 or subsequent

MANUAL ACTIONS: Yes - NonUpdate
NNM v7.51 - Upgrade to v7.53 and apply the appropriate patches.
NNM v7.01 (IA) - Upgrade to v7.53 and apply the appropriate patches.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS (for HP-UX)
For HP-UX OV NNM 7.51 and 7.53
HP-UX B.11.31
HP-UX B.11.23 (IA)
HP-UX B.11.23 (PA)
HP-UX B.11.11
=============
OVNNMgr.OVNNM-RUN,fr=B.07.50.00
action: install the patches listed in the Resolution
For HP-UX OV NNM 7.01 (IA)
HP-UX B.11.11
=============
OVNNMgr.OVNNM-RUN,fr=B.07.01.00
action: upgrade to v7.53 and apply the appropriate patches
For HP-UX OV NNM 7.01 (PA)
HP-UX B.11.11
=============
OVNNMgr.OVNNM-RUN,fr=B.07.01.00
action: install the patches listed in the Resolution
END AFFECTED VERSIONS (for HP-UX)
HISTORY
Version:1 (rev.1) - 11 May 2010 Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvpV7wACgkQ4B86/C0qfVnWRwCgvRTheRID0oYhLUKvEi4svTNv
5ooAn0WbhqNcoK7cD/GfriarDtWYwDbz
=G+bL
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
ZDI-10-081: HP OpenView NNM ovet_demandpoll sel CGI Variable Format String Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-081
May 11, 2010
-- CVE ID:
CVE-2010-1550
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView Network Node Manager
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 9273.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of HP Network Node Manager. Authentication is
not required to exploit this vulnerability.
The specific flaw exists within the ovet_demandpoll.exe process. This
process can be started by invoking the webappmon.exe CGI application
through the webserver. The process calls vnsprintf() directly with the
contents of the 'sel' POST variable. By providing a malicious value this
format string vulnerability can be leveraged by remote attackers to
execute arbitrary code under the context of the ovet_demandpoll.exe
process.
-- Vendor Response:
Hewlett-Packard has issued an update to correct this vulnerability. More
details can be found at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02153379
-- Disclosure Timeline:
2009-10-21 - Vulnerability reported to vendor
2010-05-11 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Anonymous
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
--- End Message ---
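Added example, not part of the ZDI advisory or of HP's code: ZDI-10-081 describes a request value ('sel') being handed to a printf-family call as the format itself. The C code below shows the corrected call pattern, where the value is passed as data under a constant format, plus a directive counter a defender can use to flag such values in request logs. fmt_into, render_selection and count_format_directives are hypothetical names, and the sample value is constructed.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a product formatting wrapper: a thin layer
 * over vsnprintf(), which is how such helpers are commonly built. */
static int fmt_into(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n;   /* length the full result would need, or negative on error */
}

/* Flawed pattern named in the advisory, shown only as a comment:
 *     fmt_into(out, outsz, sel);
 * The request value is the format, so every '%' directive inside it is
 * interpreted against arguments that were never passed. */

/* Corrected pattern: constant format, request value passed as data.
 * Returns 0 on success, -1 if the arguments are invalid or the value did
 * not fit (the output is then truncated but still NUL-terminated). */
int render_selection(char *out, size_t outsz, const char *sel)
{
    int n;

    if (out == NULL || outsz == 0 || sel == NULL)
        return -1;
    n = fmt_into(out, outsz, "%s", sel);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Count printf-style conversion directives in untrusted text, for
 * logging or alerting. "%%" is a literal percent sign and is not
 * counted; positional forms such as "%1$s" are. */
int count_format_directives(const char *s)
{
    int count = 0;

    while (*s) {
        if (*s++ != '%')
            continue;
        if (*s == '%') {            /* escaped percent */
            s++;
            continue;
        }
        /* positional index, flags, width, precision */
        while (*s && strchr("0123456789$-+ #'*.", *s))
            s++;
        /* length modifiers */
        while (*s && strchr("hlqLjzt", *s))
            s++;
        if (*s && strchr("diouxXeEfFgGaAcspn", *s)) {
            count++;
            s++;
        }
    }
    return count;
}

int main(void)
{
    char line[64];
    const char *sel = "node-%x-%n";     /* constructed sample value */

    if (render_selection(line, sizeof line, sel) == 0)
        printf("%s (directives: %d)\n", line, count_format_directives(sel));
    return 0;
}
```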
--- Begin Message ---
ZDI-10-082: HP OpenView NNM netmon sel CGI Variable Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-082
May 11, 2010
-- CVE ID:
CVE-2010-1551
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView Network Node Manager
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 9271.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of HP Network Node Manager. Authentication is
not required to exploit this vulnerability.
The specific flaw exists within the Network Monitor (netmon.exe) daemon.
This process can be started by invoking the webappmon.exe CGI
application through the webserver. When the _OVParseLLA function defined
within ov.dll is called from netmon.exe it directly copies the value of
the 'sel' POST variable into a fixed-length stack buffer with a call to
strcpy(). This can be leveraged by remote attackers to execute arbitrary
code under the context of the webserver process.
-- Vendor Response:
Hewlett-Packard has issued an update to correct this vulnerability. More
details can be found at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02153379
-- Disclosure Timeline:
2009-10-21 - Vulnerability reported to vendor
2010-05-11 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Anonymous
--- End Message ---
--- Begin Message ---
ZDI-10-083: HP OpenView NNM snmpviewer.exe CGI Multiple Variable Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-083
May 11, 2010
-- CVE ID:
CVE-2010-1552
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView Network Node Manager
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 9268.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of HP Network Node Manager. Authentication is
not required to exploit this vulnerability.
The specific flaw exists within the snmpviewer.exe CGI. The doLoad
function in this process calls sprintf() with a %s format specifier and
unsanitized user input retrieved from two separate POST variables (act
and app). By providing large enough strings a remote attacker can cause
a stack-based buffer overflow and eventually execute arbitrary code
under the context of the webserver process.
-- Vendor Response:
Hewlett-Packard has issued an update to correct this vulnerability. More
details can be found at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02153379
-- Disclosure Timeline:
2010-02-11 - Vulnerability reported to vendor
2010-05-11 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Anonymous
--- End Message ---
--- Begin Message ---
ZDI-10-084: HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-084
May 11, 2010
-- CVE ID:
CVE-2010-1553
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView Network Node Manager
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 9547.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of HP Network Node Manager. Authentication is
not required to exploit this vulnerability.
The specific flaw exists within the getnnmdata.exe CGI. If this CGI is
requested with an invalid MaxAge parameter a sprintf() call is made to
log the error. However, no length check is performed on the variable
contents before copying in to a fixed-length stack buffer. This can be
leveraged by remote attackers to execute arbitrary code under the
context of the webserver process.
-- Vendor Response:
Hewlett-Packard has issued an update to correct this vulnerability. More
details can be found at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02153379
-- Disclosure Timeline:
2009-10-21 - Vulnerability reported to vendor
2010-05-11 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Anonymous
--- End Message ---
--- Begin Message ---
ZDI-10-085: HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-085
May 11, 2010
-- CVE ID:
CVE-2010-1554
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView Network Node Manager
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 9547.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of HP Network Node Manager. Authentication is
not required to exploit this vulnerability.
The specific flaw exists within the getnnmdata.exe CGI. If this CGI is
requested with an invalid iCount POST parameter a sprintf() call is made
to log the error. However, no length check is performed on the variable
contents before copying in to a fixed-length stack buffer. This can be
leveraged by remote attackers to execute arbitrary code under the
context of the webserver process.
-- Vendor Response:
Hewlett-Packard has issued an update to correct this vulnerability. More
details can be found at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02153379
-- Disclosure Timeline:
2009-10-21 - Vulnerability reported to vendor
2010-05-11 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Anonymous
--- End Message ---
--- Begin Message ---
ZDI-10-086: HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-086
May 11, 2010
-- CVE ID:
CVE-2010-1555
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView Network Node Manager
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 9500.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of HP Network Node Manager. Authentication is
not required to exploit this vulnerability.
The specific flaw exists within the getnnmdata.exe CGI. If this CGI is
requested with an invalid Hostname parameter a sprintf() call is made to
log the error. However, no length check is performed on the variable
contents before copying in to a fixed-length stack buffer. This can be
leveraged by remote attackers to execute arbitrary code under the
context of the webserver process.
-- Vendor Response:
Hewlett-Packard has issued an update to correct this vulnerability. More
details can be found at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02153379
-- Disclosure Timeline:
2009-10-21 - Vulnerability reported to vendor
2010-05-11 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Anonymous
--- End Message ---
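The sprintf() pattern that ZDI-10-083 through ZDI-10-086 describe, next to a bounded replacement. This is an added example, not HP's code and not part of the advisories. The function names, the 128-byte buffer, the message wording and the 0..86400 range for MaxAge are assumptions, and the oversized request value is constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LOG_BUF_LEN 128  /* assumed size; the advisories give no buffer length */
#define MAX_ECHO     32  /* at most this many bytes of the bad value reach the log */

/* The flawed pattern: %s with no bound copies the whole request value into a
 * fixed-length stack buffer. Correct only while the value happens to be short. */
int log_invalid_unbounded(const char *param, const char *value)
{
    char msg[LOG_BUF_LEN];
    int n = sprintf(msg, "Invalid %s parameter: %s", param, value);
    fputs(msg, stderr);
    fputc('\n', stderr);
    return n;
}

/* Bounded form: snprintf() is given the destination size, the echoed value is
 * capped at MAX_ECHO bytes, and non-printable bytes are replaced so a value
 * cannot split the log line. Returns the message length, or -1 if it did not fit. */
int format_invalid_param(char *dst, size_t dstlen, const char *param, const char *value)
{
    char shown[MAX_ECHO + 1];
    size_t i;
    int n;

    if (dst == NULL || dstlen == 0 || param == NULL || value == NULL)
        return -1;
    for (i = 0; i < MAX_ECHO && value[i] != '\0'; i++)
        shown[i] = isprint((unsigned char)value[i]) ? value[i] : '?';
    shown[i] = '\0';

    n = snprintf(dst, dstlen, "Invalid %s parameter: \"%s\"%s", param, shown,
                 value[i] != '\0' ? " (truncated)" : "");
    if (n < 0 || (size_t)n >= dstlen) {
        dst[0] = '\0';          /* never hand back a partial message */
        return -1;
    }
    return n;
}

/* Strict parse for numeric parameters such as MaxAge or iCount: the whole
 * string must parse as a decimal integer within [lo, hi]. Returns 0 or -1. */
int parse_bounded_long(const char *s, long lo, long hi, long *out)
{
    char *end;
    long v;

    if (s == NULL || *s == '\0')
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0' || v < lo || v > hi)
        return -1;
    *out = v;
    return 0;
}

/* Request-handling sketch: 0 = accepted, 1 = rejected and log line built,
 * -1 = rejected and the log line could not be built. */
int handle_max_age(const char *raw, long *max_age, char *logbuf, size_t loglen)
{
    if (parse_bounded_long(raw, 0, 86400, max_age) == 0)   /* assumed range */
        return 0;
    return format_invalid_param(logbuf, loglen, "MaxAge", raw) >= 0 ? 1 : -1;
}

int main(void)
{
    char oversized[4097];       /* constructed input, far longer than LOG_BUF_LEN */
    char logbuf[LOG_BUF_LEN];
    long max_age = 0;
    int rc;

    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    rc = handle_max_age(oversized, &max_age, logbuf, sizeof logbuf);
    printf("rc=%d log=%s\n", rc, logbuf);
    rc = handle_max_age("300", &max_age, logbuf, sizeof logbuf);
    printf("rc=%d MaxAge=%ld\n", rc, max_age);
    return 0;
}
```

The bounded formatter fails closed: when the message does not fit, the caller gets -1 and an empty buffer instead of a silently truncated line.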
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02085876
Version: 1
HPSBMA02520 SSRT100071 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Unauthorized Access to Data
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-05-11
Last Updated: 2010-05-11
Potential Security Impact: Remote unauthorized access to data
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows. The vulnerability could be exploited remotely resulting in unauthorized access to data.
References: CVE-2010-1556
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows v5.3, v5.3 with Update 1, and v6.0.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2010-1556    (AV:N/AC:L/Au:N/C:P/I:P/A:N)       6.4
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software updates to resolve the vulnerability.
The updates can be downloaded from http://www.hp.com/go/hpsim
Hot Fix Update Kit for HP SIM 5.3 - HP-UX
Hot Fix Update Kit for HP SIM 6.0 - HP-UX
Hot Fix Update Kit for HP SIM 5.3 - Linux
Hot Fix Update Kit for HP SIM 6.0 - Linux
Hot Fix Update Kit for HP SIM 5.3 - Windows
Hot Fix Update Kit for HP SIM 6.0 - Windows
MANUAL ACTIONS: Yes - Update
Install Hot Fix Update Kit for HP SIM 5.3 - HP-UX
Hot Fix Update Kit for HP SIM 6.0 - HP-UX
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For SIM v5.3 and v5.3 with Update 1
HP-UX B.11.11
HP-UX B.11.23
HP-UX B.11.31
=============
SysMgmtServer.MX-CMS
SysMgmtServer.MX-CORE
SysMgmtServer.MX-CORE-ARCH
SysMgmtServer.MX-CORE-ARCH
SysMgmtServer.MX-PORTAL
SysMgmtServer.MX-REPO
SysMgmtServer.MX-TOOLS
action: install Hot Fix Update Kit for HP SIM 5.3 - HP-UX
For SIM v6.0
HP-UX B.11.23
HP-UX B.11.31
=============
SysMgmtServer.MX-CMS
SysMgmtServer.MX-CORE
SysMgmtServer.MX-CORE-ARCH
SysMgmtServer.MX-CORE-ARCH
SysMgmtServer.MX-PORTAL
SysMgmtServer.MX-REPO
SysMgmtServer.MX-TOOLS
action: install Hot Fix Update Kit for HP SIM 6.0 - HP-UX
END AFFECTED VERSIONS
HISTORY
Version: 1 (rev.1) - 11 May 2010 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvpab4ACgkQ4B86/C0qfVlscACeOwSHbvrEttqPqa4r30HGprQr
wf4AoPnfXgcpF3BPao/7bfk7E/rBvRs3
=aIcZ
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02114879
Version: 1
HPSBMA02522 SSRT100086 rev.1 - HP Insight Control Server Migration for Windows, Remote Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-05-11
Last Updated: 2010-05-11
Potential Security Impact: Remote cross site scripting (XSS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Insight Control server migration for Windows. These vulnerabilities could be exploited remotely for cross site scripting (XSS).
References: CVE-2010-1557
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Insight Control server migration for Windows for all versions prior to v6.0
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2010-1557    (AV:N/AC:L/Au:N/C:P/I:P/A:N)       6.4
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made updates available to resolve the vulnerabilities. The updates are available from http://h18000.www1.hp.com/products/servers/management/fpdownload.html
HP Insight Control server migration v6.0 or subsequent
PRODUCT SPECIFIC INFORMATION
None
HISTORY
Version: 1 (rev.1) - 11 May 2010 Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvpbUwACgkQ4B86/C0qfVk23QCfaLngRfqSwxwx3FUC0MbsIniO
M1UAoL0SNcXzoKPAhNnr45RD7c5iTS86
=eAiS
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02161624
Version: 1
HPSBPI02532 SSRT100111 rev.1 - HP MFP Digital Sending Software Running on Windows, Local Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-05-12
Last Updated: 2010-05-12
Potential Security Impact: Local unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP MFP Digital Sending Software running on Windows. The vulnerability could be exploited by a local user to gain unauthorized access to "Send to e-mail" and other functionality of an HP Multifunction Peripheral (MFP) controlled by the HP Digital Sending Software.
References: CVE-2010-1558
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP MFP Digital Sending Software prior to v4.18.3 running on Windows
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2010-1558    (AV:L/AC:M/Au:N/C:C/I:N/A:N)       4.7
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
Note: For further information on Secure Printing and Imaging please refer to http://www.hp.com/go/secureprinting
RESOLUTION
HP has provided a preliminary update to resolve this vulnerability.
The HP MFP Digital Sending Software v4.18.3 update is available using ftp:
Host             Account   Password
ftp.usa.hp.com   dss4183   Costing9
Optionally verify the SHA-1 sum.
HP MFP Digital Sending Software v4.18.3 File   SHA-1 Sum
dss4183.zip                                    1b81-94a7-8a8e-d12e-f2e9-038e-2de2-c9a1-daa5-c32c
PRODUCT SPECIFIC INFORMATION
None
HISTORY
Version: 1 (rev.1) - 12 May 2010 Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvrGBsACgkQ4B86/C0qfVmW2wCdFtaO0jjK/URYnXio1MUFC7oe
1dIAn3IDEz4hkVFE35Sh1u863L5MvVsZ
=WiRd
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
ZDI-10-080: HP Mercury LoadRunner Agent Trusted Input Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-080
May 6, 2010
-- CVE ID:
CVE-2010-1549
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard LoadRunner
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 5356.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of HP Mercury LoadRunner. Authentication is not
required to exploit this vulnerability.
The specific flaw exists within the process magentproc.exe that binds to
TCP port 54345. A specially crafted packet will allow unauthenticated
users to execute local commands. When a state of 0 or 4 is passed after
the parameters, mchan.dll will process the commands on the host. This
allows for remote code execution under the context of the SYSTEM user.
-- Vendor Response:
Hewlett-Packard has issued an update to correct this vulnerability. More
details can be found at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00912968
-- Disclosure Timeline:
2007-03-19 - Vulnerability reported to vendor
2010-05-06 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Tenable Network Security
--- End Message ---