[guru] HP security updates
DATE: Mon, 09 Jan 2012 23:15:03 +0100
HP-UX product family:
---------------------
The fix for the bind 9.2 DoS has now also been released for HP-UX systems.
The Java development and runtime environment was updated because of numerous bugs.
HP OpenView product family:
---------------------------
Details have emerged about an already fixed remote code execution flaw in
HP OpenView Network Node Manager: a heap buffer overflow in the handling of the
nameParams parameter of the nnmRotConfig.exe CGI, and a format string bug in the
handling of the textFile parameter in ov.dll.
A stack buffer overflow was found in the webappmon.exe CGI program.
Other:
------
File creation, NUL character injection and directory traversal flaws were found
in the HP Managed Printing Administration software. MPAUploader.dll contains a
stack buffer overflow.
On some HP printers and digital fax machines remote firmware update is enabled
by default, so an attacker can even upload their own software to them. The new
firmware is now protected by a signature.
The HP Database Archiving Software contains a code execution flaw.
HP JetDirect servers contain a directory traversal flaw.
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ZDI-11-348 : HP OpenView NNM nnmRptConfig.exe nameParams Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-348
December 13, 2011
- -- CVE ID:
CVE-2011-3165
- -- CVSS:
10, AV:N/AC:L/Au:N/C:C/I:C/A:C
- -- Affected Vendors:
Hewlett-Packard
- -- Affected Products:
Hewlett-Packard OpenView Network Node Manager
- -- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 10529.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
- -- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of OpenView Network Node Manager.
Authentication is not required to exploit this vulnerability.
The specific flaw exists within nnmRotConfig.exe CGI program. When
processing crafted nameParams parameters, there exists an insufficient
boundary check that can lead to an insufficient heap buffer, enabling a
heap overflow. This can lead to memory corruption which can be leveraged
to execute arbitrary code under the context of the target service.
- -- Vendor Response:
Hewlett-Packard has issued an update to correct this vulnerability. More
details can be found at:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03054052
- -- Disclosure Timeline:
2011-05-12 - Vulnerability reported to vendor
2011-12-13 - Coordinated public release of advisory
- -- Credit:
This vulnerability was discovered by:
* Aniway (Aniway.Anyway@gmail.com)
- -- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03070783
Version: 3
HPSBUX02719 SSRT100658 rev.3 - HP-UX Running BIND, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-10-27
Last Updated: 2011-12-15
------------------------------------------------------------------------------
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS).
References: CVE-2011-2464
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.31 running BIND 9.3 prior to C.9.3.2.10.0
HP-UX B.11.11 and B.11.23 running BIND 9.3 prior to C.9.3.2.9.0
HP-UX B.11.11 running BIND 9.2 prior to C.9.3.2.9.1
HP-UX B.11.23 running BIND 9.2
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                     Base Score
CVE-2011-2464    (AV:N/AC:L/Au:N/C:N/I:N/A:P)    5.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided upgrades to resolve this vulnerability.
The BIND 9.3 upgrades are available from the following location
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=BIND
HP-UX Release / BIND 9.3 Depot Name
B.11.11 PA (32 and 64) / DNSUPGRADE_C.9.3.2.9.0_HP-UX_B.11.11_32_64.depot
B.11.23 (PA and IA) / DNSUPGRADE_C.9.3.2.9.0_HP-UX_B.11.23_IA_PA.depot
B.11.31 (PA and IA) / HPUX-NameServer_C.9.3.2.10.0_HP-UX_B.11.31_IA_PA.depot
The new (revision 2 of this bulletin) BIND 9.2 upgrades are available from the following location
ftp://s02729:Secure12@ftp.usa.hp.com
HP-UX Release / BIND 9.2 Depot Name
B.11.11 PA (32 and 64) / BIND92-1111-wu17.depot
B.11.23 (PA and IA) / PHNE_42727.depot
MANUAL ACTIONS: Yes - Update
For HP-UX B.11.11 and B.11.23 install BIND C.9.3.2.9.0 or subsequent
For HP-UX B.11.31 install BIND C.9.3.2.10.0 or subsequent
For HP-UX B.11.11 and B.11.23 install unofficial BIND 9.2 depots listed or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For BIND 9.2
HP-UX B.11.11
==================
BINDv920.INETSVCS-BIND
action: install revision B.11.11.01.017 or subsequent
HP-UX B.11.23
==================
InternetSrvcs.INETSVCS-INETD
InternetSrvcs.INETSVCS-RUN
InternetSrvcs.INETSVCS2-RUN
action: install patch PHNE_41727 or subsequent
For BIND 9.3
HP-UX B.11.11
==================
BindUpgrade.BIND-UPGRADE
action: install revision C.9.3.2.9.0 or subsequent
HP-UX B.11.23
==================
BindUpgrade.BIND-UPGRADE
BindUpgrade.BIND2-UPGRADE
action: install revision C.9.3.2.9.0 or subsequent
HP-UX B.11.31
==================
NameService.BIND-AUX
NameService.BIND-RUN
action: install revision C.9.3.2.10.0 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) 27 October 2011 Initial release
Version:2 (rev.2) 14 December 2011 Added BIND 9.2 solution
Version:3 (rev.3) 14 December 2011 Corrected typo in BIND 9.2 table
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2011 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk7qX7QACgkQ4B86/C0qfVk8JACgo0zeLt3/8iFU+VAPxi8XInRK
xacAn3s7pX8x496flXjqoHHi5l+d8nFO
=Oy7O
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03105548
Version: 2
HPSBUX02729 SSRT100687 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-12-01
Last Updated: 2011-12-14
------------------------------------------------------------------------------
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS).
References: CVE-2011-4313
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.31 running BIND 9.3 prior to C.9.3.2.10.1
HP-UX B.11.11 and B.11.23 running BIND 9.3 prior to C.9.3.2.9.1
HP-UX B.11.11 running BIND 9.2 prior to C.9.3.2.9.1
HP-UX B.11.23 running BIND 9.2
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                     Base Score
CVE-2011-4313    (AV:N/AC:L/Au:N/C:N/I:N/A:P)    5.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided upgrades to resolve this vulnerability. When final depots are released this bulletin will again be revised.
The upgrades are available from the following location
ftp://s02729:Secure12@ftp.usa.hp.com
BIND 9.2 for HP-UX Release / Depot Name
B.11.11 PA (32 and 64) / BIND92-1111-wu17.depot
B.11.23 (PA and IA) / PHNE_42727.depot
BIND 9.3 for HP-UX Release / Depot Name
B.11.11 PA (32 and 64) / BIND93-1111-unof.depot
B.11.23 (PA and IA) / BIND93-1123-unof.depot
B.11.31 (PA and IA) / BIND93-1131-unof.depot
MANUAL ACTIONS: Yes - Update
Download and install the software updates
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For BIND 9.2
HP-UX B.11.11
==================
BINDv920.INETSVCS-BIND
action: install revision B.11.11.01.017 or subsequent
HP-UX B.11.23
==================
InternetSrvcs.INETSVCS-INETD
InternetSrvcs.INETSVCS-RUN
InternetSrvcs.INETSVCS2-RUN
action: install patch PHNE_41727 or subsequent
For BIND 9.3
HP-UX B.11.11
==================
BindUpgrade.BIND-UPGRADE
action: install revision C.9.3.2.9.1 or subsequent
HP-UX B.11.23
==================
BindUpgrade.BIND-UPGRADE
BindUpgrade.BIND2-UPGRADE
action: install revision C.9.3.2.9.1 or subsequent
HP-UX B.11.31
==================
NameService.BIND-AUX
NameService.BIND-RUN
action: install revision C.9.3.2.10.1 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) 1 December 2011 Initial release
Version:2 (rev.2) 14 December 2011 Replaced both unofficial BIND 9.2 depots
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk7qX3kACgkQ4B86/C0qfVluzwCgjbA0Cae0bn1tPsmJq5DJV01y
RhMAoMaMazXt5RV45uUdVnkXcZr2R6UQ
=M0dh
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02945548
Version: 1
HPSBUX02697 SSRT100591 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-12-14
Last Updated: 2011-12-15
-----------------------------------------------------------------------------
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
References: CVE-2011-0786, CVE-2011-0788, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0817, CVE-2011-0862, CVE-2011-0863, CVE-2011-0864, CVE-2011-0865, CVE-2011-0866, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0872, CVE-2011-0873.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.11 or earlier
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.23 or earlier
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 1.4.2.26 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference and Affectivity / Base Vector / Base Score
CVE-2011-0786 (1) / AV:N/AC:H/Au:N/C:C/I:C/A:C / 7.6
CVE-2011-0788 (1) / AV:N/AC:H/Au:N/C:C/I:C/A:C / 7.6
CVE-2011-0802 (1) (2) (3) / AV:N/AC:L/Au:N/C:C/I:C/A:C / 10.0
CVE-2011-0814 (1) (2) (3) / AV:N/AC:L/Au:N/C:C/I:C/A:C / 10.0
CVE-2011-0815 (1) (2) (3) / AV:N/AC:L/Au:N/C:C/I:C/A:C / 10.0
CVE-2011-0817 (1) / AV:N/AC:L/Au:N/C:C/I:C/A:C / 10.0
CVE-2011-0862 (1) (2) (3) / AV:N/AC:L/Au:N/C:C/I:C/A:C / 10.0
CVE-2011-0863 (1) / AV:N/AC:L/Au:N/C:C/I:C/A:C / 10.0
CVE-2011-0864 (1) (2) (3) / AV:N/AC:L/Au:N/C:C/I:C/A:C / 10.0
CVE-2011-0865 (1) (2) (3) / AV:N/AC:H/Au:N/C:N/I:P/A:N / 2.6
CVE-2011-0866 (1) (2) (3) / AV:N/AC:H/Au:N/C:C/I:C/A:C / 7.6
CVE-2011-0867 (1) (2) (3) / AV:N/AC:L/Au:N/C:P/I:N/A:N / 5.0
CVE-2011-0868 (1) / AV:N/AC:L/Au:N/C:P/I:N/A:N / 5.0
CVE-2011-0869 (1) / AV:N/AC:L/Au:N/C:P/I:N/A:N / 5.0
CVE-2011-0871 (1) (2) (3) / AV:N/AC:L/Au:N/C:C/I:C/A:C / 10.0
CVE-2011-0872 (1) (2) (3) / AV:N/AC:L/Au:N/C:N/I:N/A:P / 5.0
CVE-2011-0873 (1) (2) / AV:N/AC:L/Au:N/C:C/I:C/A:C / 10.0
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
NOTE:
(1) Resolved in HP JDK / JRE 6.0.12 and subsequent.
(2) Resolved in HP JDK / JRE 5.0.24 and subsequent. It is recommended to upgrade to JDK and JRE 6.0.12 or later if possible, to resolve all of the above CVE vulnerabilities.
(3) Resolved in HP JDK / JRE 1.4.2.27 and subsequent. It is recommended to upgrade to JDK and JRE 6.0.12 or later if possible, to resolve all of the above CVE vulnerabilities.
RESOLUTION
HP has provided the following upgrades to resolve these vulnerabilities
The upgrades are available from the following location
http://www.hp.com/go/java
HP-UX B.11.11, B.11.23, B.11.31
JDK and JRE v6.0.12 or subsequent
JDK and JRE v5.0.24 or subsequent
MANUAL ACTIONS: Yes - Update
For Java v6.0.10 and earlier, update to Java v6.0.12 or subsequent
For Java v5.0.23 and earlier, update to Java v5.0.24 or subsequent
For Java v1.4.2.27 and earlier, update to Java v5.X or v6.X
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
HP-UX B.11.23
HP-UX B.11.31
===========
Jre15.JRE15-COM
Jre15.JRE15-PA20
Jre15.JRE15-PA20-HS
Jre15.JRE15-PA20W
Jre15.JRE15-PA20W-HS
Jre15.JRE15-IPF32
Jre15.JRE15-IPF32-HS
Jre15.JRE15-IPF64
Jre15.JRE15-IPF64-HS
Jdk15.JDK15-PA20
Jdk15.JDK15-PA20W
Jdk15.JDK15-COM
Jdk15.JDK15-IPF32
Jdk15.JDK15-IPF64
action: install revision 1.5.0.24.00 or subsequent
Jre60.JRE60-COM
Jre60.JRE60-IPF32
Jre60.JRE60-IPF32-HS
Jre60.JRE60-IPF64
Jre60.JRE60-IPF64-HS
Jre60.JRE60-PA20
Jre60.JRE60-PA20-HS
Jre60.JRE60-PA20W
Jre60.JRE60-PA20W-HS
Jdk60.JDK60-COM
Jdk60.JDK60-IPF32
Jdk60.JDK60-IPF64
Jdk60.JDK60-PA20
Jdk60.JDK60-PA20W
action: install revision 1.6.0.12.00 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) 14 December 2011 Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk7vqnYACgkQ4B86/C0qfVl/4wCg2RAv6h+DJhA6cw8TghKq/nE1
JYUAoNQ1PMdCnAiHIf5CXdefxul+etom
=DKDG
-----END PGP SIGNATURE-----
--- End Message ---
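The base scores quoted in the bulletins above follow from their CVSS 2.0 vectors, so a triage script can recompute them and flag any row where vector and score disagree. The C code below is an added example, not taken from HP or ZDI; the function name cvss2_base_tenths is hypothetical, and the sample rows are copied from the tables above.

```c
#include <stdio.h>
#include <string.h>

/* Metric weights from the CVSS 2.0 base equation. */
struct weight { const char *metric; char value; double w; };
static const struct weight WEIGHTS[] = {
    { "AV", 'L', 0.395 }, { "AV", 'A', 0.646 }, { "AV", 'N', 1.0   },
    { "AC", 'H', 0.35  }, { "AC", 'M', 0.61  }, { "AC", 'L', 0.71  },
    { "Au", 'M', 0.45  }, { "Au", 'S', 0.56  }, { "Au", 'N', 0.704 },
    { "C",  'N', 0.0   }, { "C",  'P', 0.275 }, { "C",  'C', 0.660 },
    { "I",  'N', 0.0   }, { "I",  'P', 0.275 }, { "I",  'C', 0.660 },
    { "A",  'N', 0.0   }, { "A",  'P', 0.275 }, { "A",  'C', 0.660 },
};

static int lookup(const char *metric, char value, double *out)
{
    for (size_t i = 0; i < sizeof WEIGHTS / sizeof WEIGHTS[0]; i++) {
        if (strcmp(WEIGHTS[i].metric, metric) == 0 && WEIGHTS[i].value == value) {
            *out = WEIGHTS[i].w;
            return 0;
        }
    }
    return -1;
}

/* Returns the base score times ten (76 means 7.6), or -1 if the vector is
 * malformed. Accepts the parenthesised form used in the HP tables. */
int cvss2_base_tenths(const char *vector)
{
    static const char *names[6] = { "AV", "AC", "Au", "C", "I", "A" };
    double w[6];
    int seen[6] = { 0 };
    char buf[64];
    size_t len = strlen(vector);

    if (len >= 2 && vector[0] == '(' && vector[len - 1] == ')') {
        vector++;
        len -= 2;
    }
    if (len == 0 || len >= sizeof buf)
        return -1;
    memcpy(buf, vector, len);
    buf[len] = '\0';

    for (char *tok = strtok(buf, "/"); tok != NULL; tok = strtok(NULL, "/")) {
        char *colon = strchr(tok, ':');
        int i;
        /* Each element must look like NAME:X with a single-letter value. */
        if (colon == NULL || colon[1] == '\0' || colon[2] != '\0')
            return -1;
        *colon = '\0';
        for (i = 0; i < 6 && strcmp(tok, names[i]) != 0; i++)
            ;
        if (i == 6 || seen[i] || lookup(tok, colon[1], &w[i]) != 0)
            return -1;
        seen[i] = 1;
    }
    for (int i = 0; i < 6; i++)
        if (!seen[i])
            return -1;   /* all six base metrics are mandatory */

    double impact = 10.41 * (1.0 - (1.0 - w[3]) * (1.0 - w[4]) * (1.0 - w[5]));
    double exploitability = 20.0 * w[0] * w[1] * w[2];
    double f = (impact == 0.0) ? 0.0 : 1.176;
    double base = (0.6 * impact + 0.4 * exploitability - 1.5) * f;
    return (int)(base * 10.0 + 0.5);   /* round to one decimal place */
}

int main(void)
{
    /* Rows copied from the bulletins above: vector and listed score x10. */
    static const struct { const char *id, *vector; int listed; } rows[] = {
        { "CVE-2011-2464", "(AV:N/AC:L/Au:N/C:N/I:N/A:P)", 50 },
        { "CVE-2011-0786", "AV:N/AC:H/Au:N/C:C/I:C/A:C",   76 },
        { "CVE-2011-0802", "AV:N/AC:L/Au:N/C:C/I:C/A:C",  100 },
        { "CVE-2011-0865", "AV:N/AC:H/Au:N/C:N/I:P/A:N",   26 },
    };
    for (size_t i = 0; i < sizeof rows / sizeof rows[0]; i++) {
        int got = cvss2_base_tenths(rows[i].vector);
        printf("%s listed %d.%d computed %d.%d %s\n", rows[i].id,
               rows[i].listed / 10, rows[i].listed % 10, got / 10, got % 10,
               got == rows[i].listed ? "ok" : "MISMATCH");
    }
    return 0;
}
```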
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ZDI-11-352 : HP Managed Printing Administration jobAcct Multiple
Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-11-352
December 22, 2011
- -- CVE ID:
CVE-2011-4166
- -- CVSS:
9, AV:N/AC:L/Au:N/C:P/I:P/A:C
- -- Affected Vendors:
Hewlett-Packard
- -- Affected Products:
Hewlett-Packard Managed Printing Administration
- -- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 11696.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
- -- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of HP Managed Printing Administration.
Authentication is not required to exploit this vulnerability.
There are multiple classes of flaws within this product including arbitrary
file creation, null char truncation and directory traversal. Null
injection and directory traversal can be used in the form data passed to
MPAUploader.Uploader.1.UploadFiles() to remotely create arbitrary files.
- -- Vendor Response:
Hewlett-Packard has issued an update to correct this vulnerability. More
details can be found at:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03128469
- -- Disclosure Timeline:
2011-04-01 - Vulnerability reported to vendor
2011-12-22 - Coordinated public release of advisory
- -- Credit:
This vulnerability was discovered by:
* Andrea Micalizzi aka rgod
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ZDI-11-353 : HP Managed Printing Administration MPAUploader.dll Remote
Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-353
December 22, 2011
- -- CVE ID:
CVE-2011-4167
- -- CVSS:
9, AV:N/AC:L/Au:N/C:P/I:P/A:C
- -- Affected Vendors:
Hewlett-Packard
- -- Affected Products:
Hewlett-Packard Managed Printing Administration
- -- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 11697.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
- -- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of HP Managed Printing Administration.
Authentication is not required to exploit this vulnerability.
The specific flaw exists within the MPAUploader.dll file. An extended
length string can be passed into scripts within the management website
on port 80 (the 'uploadfile' multipart form data 'filename' parameter in
Default.asp) and ultimately to MPAUploader.dll. As a static stack
allocation is used to store the buffer and the string length is not
handled properly, a remote attacker may overwrite the stack and
ultimately execute remote code.
- -- Vendor Response:
Hewlett-Packard has issued an update to correct this vulnerability. More
details can be found at:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03128469
- -- Disclosure Timeline:
2011-04-01 - Vulnerability reported to vendor
2011-12-22 - Coordinated public release of advisory
- -- Credit:
This vulnerability was discovered by:
* Andrea Micalizzi aka rgod
--- End Message ---
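The flaw classes named in ZDI-11-352 and ZDI-11-353 above (NUL truncation, directory traversal, and a 'filename' string copied into a fixed stack buffer without a length check) all come from trusting the client-supplied upload name. The C code below is an added example of server-side validation, not HP's code; the function names, the 64-byte limit, the allowlist and the base directory are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define UPLOAD_NAME_MAX 64   /* assumed policy limit, not from the advisories */

enum name_status {
    NAME_OK = 0, NAME_EMPTY, NAME_TOO_LONG, NAME_HAS_NUL,
    NAME_HAS_PATH, NAME_BAD_CHAR, NAME_DOT_EDGE
};

/* raw/raw_len is the filename field exactly as received in the multipart
 * body. It is length-delimited, so it may contain embedded NUL bytes that
 * strlen()-based code would silently stop at. */
enum name_status validate_upload_name(const unsigned char *raw, size_t raw_len,
                                      char *out, size_t out_cap)
{
    if (raw_len == 0)
        return NAME_EMPTY;
    /* Check the length against policy AND destination size before any copy;
     * an unbounded strcpy() into a stack array is the ZDI-11-353 pattern. */
    if (raw_len > UPLOAD_NAME_MAX || raw_len >= out_cap)
        return NAME_TOO_LONG;

    for (size_t i = 0; i < raw_len; i++) {
        unsigned char c = raw[i];
        if (c == '\0')
            return NAME_HAS_NUL;              /* NUL truncation attempt */
        if (c == '/' || c == '\\' || c == ':')
            return NAME_HAS_PATH;             /* separators, drive/stream */
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
        if (!ok)
            return NAME_BAD_CHAR;             /* allowlist, not a denylist */
    }
    /* Rejects ".", "..", hidden names, and the trailing dot that Windows
     * strips when the file is created. */
    if (raw[0] == '.' || raw[raw_len - 1] == '.')
        return NAME_DOT_EDGE;

    memcpy(out, raw, raw_len);
    out[raw_len] = '\0';
    return NAME_OK;
}

/* Joins a fixed, server-chosen directory with the validated name. The client
 * never influences anything except the final path component. */
enum name_status build_upload_path(const char *base_dir,
                                   const unsigned char *raw, size_t raw_len,
                                   char *path, size_t path_cap)
{
    char name[UPLOAD_NAME_MAX + 1];
    enum name_status st = validate_upload_name(raw, raw_len, name, sizeof name);
    if (st != NAME_OK)
        return st;
    int n = snprintf(path, path_cap, "%s\\%s", base_dir, name);
    if (n < 0 || (size_t)n >= path_cap)
        return NAME_TOO_LONG;                 /* would have been truncated */
    return NAME_OK;
}

int main(void)
{
    /* Constructed sample inputs; lengths are given explicitly because one
     * of them contains an embedded NUL byte. */
    static const struct { const char *raw; size_t len; } samples[] = {
        { "report.csv",       10 },
        { "..\\..\\x.txt",    11 },
        { "report.txt\0.tmp", 15 },
        { "notes.",            6 },
    };
    char path[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum name_status st = build_upload_path(
            "C:\\uploads", (const unsigned char *)samples[i].raw,
            samples[i].len, path, sizeof path);
        printf("sample %zu: status %d%s%s\n", i, (int)st,
               st == NAME_OK ? " -> " : "", st == NAME_OK ? path : "");
    }
    return 0;
}
```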
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ZDI-11-354 : HP Managed Printing Administration jobDelivery Multiple
Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-11-354
December 22, 2011
- -- CVE ID:
CVE-2011-4168
- -- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
- -- Affected Vendors:
Hewlett-Packard
- -- Affected Products:
Hewlett-Packard Managed Printing Administration
- -- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 11699.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
- -- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code
on vulnerable installations of HP Managed Printing Administration.
Authentication is not required to exploit this vulnerability.
There are multiple classes of flaws within this product including
arbitrary file creation, null char truncation and directory traversal.
Null injection and directory traversal can be used in the form data
passed to \Inetpub\wwwroot\hpmpa\jobDelivery\Default.asp to remotely
create arbitrary files.
- -- Vendor Response:
Hewlett-Packard has issued an update to correct this vulnerability.
More details can be found at:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03128469
- -- Disclosure Timeline:
2011-04-01 - Vulnerability reported to vendor
2011-12-22 - Coordinated public release of advisory
- -- Credit:
This vulnerability was discovered by:
* Andrea Micalizzi aka rgod
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03128469
Version: 1
HPSBPI02732 SSRT100435 rev.1 - HP Managed Printing Administration, Remote Execution of Arbitrary Code and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-12-21
Last Updated: 2011-12-21
Potential Security Impact: Remote execution of arbitrary code, directory traversal, creation and deletion of arbitrary files, unauthorized access to application database
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Managed Printing Administration. These vulnerabilities could be exploited remotely for execution of arbitrary code, directory traversal, creation and deletion of arbitrary files, and unauthorized access to the application database.
References: CVE-2011-4166 (ZDI-CAN-1064, SSRT100438)
CVE-2011-4167 (ZDI-CAN-1065, SSRT100435)
CVE-2011-4168 (ZDI-CAN-1066, SSRT100436)
CVE-2011-4169 (ZDI-CAN-1067, SSRT100422)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Managed Printing Administration before v2.6.4
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                     Base Score
CVE-2011-4166    (AV:N/AC:L/Au:N/C:P/I:P/A:C)    9.0
CVE-2011-4167    (AV:N/AC:L/Au:N/C:P/I:P/A:C)    9.0
CVE-2011-4168    (AV:N/AC:L/Au:N/C:N/I:P/A:N)    5.0
CVE-2011-4169    (AV:N/AC:L/Au:N/C:P/I:P/A:C)    9.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks Andrea Micalizzi aka rgod along with TippingPoint's Zero Day Initiative for reporting these vulnerabilities to security-alert@hp.com.
RESOLUTION
HP has made HP Managed Printing Administration v2.6.4 or subsequent available to resolve the vulnerabilities.
HP Managed Printing Administration can be downloaded as follows.
Browse to http://www.hp.com/go/upd then
Select "Download software"
Select a product
Select an operating system
Under "Software - Universal Print Driver" download "HP Printer Administrator Resource Kit"
Install the Managed Printing Administration contained in the HP Printer Administrator Resource Kit
HISTORY
Version:1 (rev.1) - 21 December 2011 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2011 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk7x8sIACgkQ4B86/C0qfVk6tACgnp3rlqM6ENbGw1qmI2ogZ6Lt
EkkAnR9JAb9MeEZ6sI3qZhylG+NZ1xoT
=bla7
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03102449
Version: 2
HPSBPI02728 SSRT100692 rev.2 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-11-30
Last Updated: 2011-12-23
Potential Security Impact: Remote firmware update enabled by default
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware.
References: CVE-2011-4161
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP LaserJet Enterprise 500 color M551
HP LaserJet Enterprise 600 M601
HP LaserJet Enterprise 600 M602
HP LaserJet Enterprise 600 M603
HP Color LaserJet CM1312 Multifunction Printer
HP LaserJet Pro CM1415 Color Multifunction Printer
HP Color LaserJet CP1510
HP LaserJet M1522 Multifunction Printer
HP LaserJet Pro CP1525 Color Printer
HP LaserJet Pro M1536 Multifunction Printer
HP Color LaserJet CP2025
HP LaserJet P2035
HP LaserJet P2055
HP Color LaserJet CM2320 Multifunction Printer
HP LaserJet M2727 Multifunction Printer
HP Color LaserJet 3000
HP LaserJet P3005
HP LaserJet Enterprise P3015
HP LaserJet M3027 Multifunction Printer
HP LaserJet M3035
HP Color LaserJet CP3505
HP Color LaserJet CP3525
HP Color LaserJet CM3530
HP Color LaserJet 3800
HP Color LaserJet CP4005
HP LaserJet P4014
HP LaserJet P4015
HP LaserJet 4240
HP LaserJet 4250
HP LaserJet 4345 Multifunction Printer
HP LaserJet 4350
HP LaserJet P4515
HP Color LaserJet Enterprise CP4520
HP Color LaserJet Enterprise CP4525
HP Color LaserJet Enterprise CM4540 Multifunction Printer
HP LaserJet Enterprise M4555 Multifunction Printer
HP Color LaserJet 4700
HP Color LaserJet 4730 Multifunction Printer
HP Color LaserJet CM4730 Multifunction Printer
HP LaserJet M5025 Multifunction Printer
HP LaserJet M5035
HP LaserJet 5200n
HP Color LaserJet Professional CP5225 Printer
HP Color LaserJet CP5525
HP Color LaserJet 5550
HP Color LaserJet CP6015
HP Color LaserJet CM6030
HP Color LaserJet CM6040
HP CM8060 Color Multifunction Printer with Edgeline
HP LaserJet 9040
HP LaserJet M9040 Multifunction Printer
HP LaserJet 9050
HP LaserJet M9050 Multifunction Printer
HP 9200c Digital Sender
HP 9250c Digital Sender
HP Color LaserJet 9500
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                     Base Score
CVE-2011-4161    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
Note: For further information on Secure Printing and Imaging please refer to http://www.hp.com/go/secureprinting
Remote Firmware Update (RFU): The Remote Firmware Update (RFU) feature is enabled by default. A firmware update can be sent remotely to port 9100 without authentication. This could allow unauthorized modification of the device firmware. The unauthorized firmware could impact the confidentiality and integrity of data sent to and received from the device. The unauthorized firmware could also cause a Denial of Service (DoS) to the device.
RESOLUTION
The following steps can be taken to avoid unauthorized firmware updates:
Update the firmware to a version that implements code signing
Disable the Remote Firmware Update
The code signing feature verifies that firmware updates are properly signed. This will prevent the installation of invalid firmware updates.
The following table lists the availability of RFU disabling and code signing.
Product                                                    RFU Can Be Disabled  Code Signing Firmware Available
HP LaserJet Enterprise 500 color M551                      Yes                  Yes
HP LaserJet Enterprise 600 M601                            Yes                  Yes
HP LaserJet Enterprise 600 M602                            Yes                  Yes
HP LaserJet Enterprise 600 M603                            Yes                  Yes
HP Color LaserJet CM1312 Multifunction Printer             Yes, Note 1          No
HP LaserJet Pro CM1415 Color Multifunction Printer         Yes, Note 1          Yes
HP Color LaserJet CP1510                                   Yes, Note 1          No
HP LaserJet M1522 Multifunction Printer                    Yes, Note 1          No
HP LaserJet Pro CP1525 Color Printer                       Yes, Note 1          Yes
HP LaserJet Pro M1536 Multifunction Printer                Yes, Note 1          Yes
HP Color LaserJet CP2025                                   Yes, Note 1          No
HP LaserJet P2035                                          Yes                  No
HP LaserJet P2055                                          Yes                  No
HP Color LaserJet CM2320 Multifunction Printer             Yes, Note 1          No
HP LaserJet M2727 Multifunction Printer                    Yes, Note 1          No
HP Color LaserJet 3000                                     Yes                  No
HP LaserJet P3005                                          Yes                  No
HP LaserJet Enterprise P3015                               Yes                  Yes, Note 2
HP LaserJet M3027 Multifunction Printer                    Yes                  Yes, Note 2
HP LaserJet M3035                                          Yes                  Yes, Note 2
HP Color LaserJet CP3505                                   Yes                  No
HP Color LaserJet CP3525                                   Yes                  Yes, Note 2
HP Color LaserJet CM3530                                   Yes                  Yes, Note 2
HP Color LaserJet 3800                                     Yes                  Yes
HP Color LaserJet CP4005                                   Yes                  Yes
HP LaserJet P4014                                          Yes                  Yes, Note 2
HP LaserJet P4015                                          Yes                  Yes, Note 2
HP LaserJet 4240                                           Yes                  No
HP LaserJet 4250                                           Yes                  No
HP LaserJet 4345 Multifunction Printer                     Yes                  Yes, Note 2
HP LaserJet 4350                                           Yes                  No
HP LaserJet P4515                                          Yes                  Yes, Note 2
HP Color LaserJet Enterprise CP4520                        Yes                  Yes
HP Color LaserJet Enterprise CP4525                        Yes                  Yes, Note 2
HP Color LaserJet Enterprise CM4540 Multifunction Printer  Yes                  Yes
HP LaserJet Enterprise M4555 Multifunction Printer         Yes                  Yes
HP Color LaserJet 4700                                     Yes                  Yes
HP Color LaserJet 4730 Multifunction Printer               Yes                  Yes, Note 2
HP Color LaserJet CM4730 Multifunction Printer             Yes                  Yes
HP LaserJet M5025 Multifunction Printer                    Yes                  Yes, Note 2
HP LaserJet M5035                                          Yes                  Yes, Note 2
HP LaserJet 5200L                                          Yes                  Yes, Note 2
HP LaserJet 5200N                                          Yes                  Yes, Note 2
HP Color LaserJet Professional CP5225 Printer              Yes, Note 1          No
HP Color LaserJet CP5525                                   Yes                  Yes
HP Color LaserJet 5550                                     Yes                  No
HP Color LaserJet CP6015                                   Yes                  Yes, Note 2
HP Color LaserJet CM6030                                   Yes                  Yes, Note 2
HP Color LaserJet CM6040                                   Yes                  Yes, Note 2
HP CM8060 Color Multifunction Printer with Edgeline        Yes                  Yes
HP LaserJet 9040                                           Yes                  Yes, Note 2
HP LaserJet M9040 Multifunction Printer                    Yes                  Yes, Note 2
HP LaserJet 9050                                           Yes                  Yes, Note 2
HP LaserJet M9050 Multifunction Printer                    Yes                  Yes, Note 2
HP 9200c Digital Sender                                    Yes                  No
HP 9250c Digital Sender                                    Yes                  Yes, Note 2
HP Color LaserJet 9500                                     Yes                  No
Note 1 - To add the ability to disable RFU, update to the firmware version listed in the following table.
Product                                                    Firmware Version Adding Disable RFU Capability
HP Color LaserJet CM1312 Multifunction Printer             20111209
HP LaserJet Pro CM1415 Color Multifunction Printer         20111215
HP Color LaserJet CP1510                                   20111209
HP LaserJet M1522 Multifunction Printer                    20111212
HP LaserJet Pro CP1525 Color Printer                       20111215
HP LaserJet Pro M1536 Multifunction Printer                20111215
HP Color LaserJet CP2025                                   20111208
HP LaserJet P2035                                          20111213
HP LaserJet P2055                                          20111214
HP Color LaserJet CM2320 Multifunction Printer             20111209
HP LaserJet M2727 Multifunction Printer                    20111212
HP Color LaserJet Professional CP5225 Printer              20111206
Note 2 - To add code signing, update to the firmware version listed in the following table.
Product                                                    Firmware Version Adding Code Signing
HP LaserJet Enterprise P3015                               07.130.0B
HP LaserJet M3027 Multifunction Printer                    48.240.0B
HP LaserJet M3035                                          48.240.0B
HP Color LaserJet CP3525                                   06.130.0B
HP Color LaserJet CM3530                                   53.170.1B
HP LaserJet P4014                                          04.160.2B
HP LaserJet P4015                                          04.160.2B
HP LaserJet 4345 Multifunction Printer                     48.240.0B
HP LaserJet P4515                                          04.160.2B
HP Color LaserJet Enterprise CP4525                        07.110.2B
HP Color LaserJet 4730 Multifunction Printer               50.220.1B
HP LaserJet M5025 Multifunction Printer                    48.240.0B
HP LaserJet M5035                                          48.240.0B
HP LaserJet 5200L                                          08.180.1B
HP LaserJet 5200N                                          08.180.1B
HP Color LaserJet CP6015                                   04.150.0B
HP Color LaserJet CM6030                                   52.190.1B
HP Color LaserJet CM6040                                   52.190.1B
HP LaserJet 9040                                           08.220.1B
HP LaserJet M9040 Multifunction Printer                    51.190.1B
HP LaserJet 9050                                           08.220.1B
HP LaserJet M9050 Multifunction Printer                    51.190.1B
HP 9250c Digital Sender                                    48.230.0B
How to Download the Firmware Update
Browse to www.hp.com/go/support then:
Select "Drivers & Software"
Enter the product name listed in the table above into the search field
Click on "Search"
If the search returns a list of products click on the appropriate product
Under "Select operating system" click on "Cross operating system (BIOS, Firmware, Diagnostics, etc.)"
If the "Cross operating system ..." link is not present, select any Windows operating system from the list.
Select the appropriate firmware update under "Firmware"
How to Disable the Remote Firmware Update (RFU)
For instructions about how to disable the RFU please refer to the following document: Configuring Remote Firmware Update on HP Printers and Multifunction Devices
The document is available using ftp:
ftp.usa.hp.com
account: sb02728
password: Secure12
or
ftp://sb02728:Secure12@ftp.usa.hp.com/
File name: Configuring Remote Firmware Update on HP Printing Devices.pdf
HISTORY
Version:1 (rev.1) - 30 November 2011 Initial release
Version:2 (rev.2) - 23 December 2011 Code signing firmware available
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk70SlMACgkQ4B86/C0qfVnW0gCfWhmGFhR35DVsXxJKLz3jZyOm
J54An0Fkzq+mLKBxHvtFE2MHOvpxLtR9
=AzNK
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03128302
Version: 1
HPSBMU02731 SSRT100518 rev.1 - HP Database Archiving Software, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-12-22
Last Updated: 2011-12-22
Potential Security Impact: Remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Database Archiving Software. These vulnerabilities could be exploited remotely to execute arbitrary code.
References: CVE-2011-4163 (ZDI-CAN-1213, SSRT100518)
CVE-2011-4164 (ZDI-CAN-1214, SSRT100519)
CVE-2011-4165 (ZDI-CAN-1263, SSRT100520)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Database Archiving Software v6.31
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                     Base Score
CVE-2011-4163    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2011-4164    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2011-4165    (AV:N/AC:L/Au:N/C:P/I:P/A:P)    7.5
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks AbdulAziz Hariri along with TippingPoint's Zero Day Initiative for reporting these vulnerabilities to security-alert@hp.com.
RESOLUTION
HP has made "DBARCH631_hotfix35 - platform independent HP Database Archiving software 6.31" available to resolve the vulnerabilities.
DBARCH631_hotfix35 is available by contacting the normal HP Services support channel.
MANUAL ACTIONS: Yes - NonUpdate
Install DBARCH631_hotfix35.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS (for HP-UX)
For HP Database Archiving Software v6.31
HP-UX B.11.11
=============
action: install DBARCH631_hotfix35 if running HP Database Archiving Software v6.31
END AFFECTED VERSIONS (for HP-UX)
HISTORY
Version:1 (rev.1) - 22 December 2011 Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk7zPMEACgkQ4B86/C0qfVlBjQCeOHOKV+q7TpSsVELozDM6MECx
z5gAoIfH2SjTeWX2PH2mONw/XxCc7AI3
=AZTK
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ZDI-12-001 : HP Managed Printing Administration img_id Multiple
Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-12-001
January 5, 2012
- -- CVE ID:
CVE-2011-4169
- -- CVSS:
9, AV:N/AC:L/Au:N/C:P/I:P/A:C
- -- Affected Vendors:
Hewlett-Packard
- -- Affected Products:
Hewlett-Packard Managed Printing Administration
- -- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 11957.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
- -- Vulnerability Details:
This vulnerability allows remote attackers to remotely manipulate the
application database and delete arbitrary files on vulnerable
installations of HP Managed Printing Administration. Authentication is
not required to exploit this vulnerability.
The specific flaw exists and is duplicated within the following scripts:
\Inetpub\wwwroot\hpmpa\mpl\view\config\imglist\imgselect\Default.asp
\Inetpub\wwwroot\hpmpa\mpl\view\config\imgmap\bgselect\Default.asp
\Inetpub\wwwroot\hpmpa\mpl\view\config\imgmap\imgselect\Default.asp
Input via the img_id parameter to the aforementioned scripts can be
manipulated to perform SQL injection. Additionally, directory traversal
can be used on this parameter to delete arbitrary files.
- -- Vendor Response:
Hewlett-Packard has issued an update to correct this vulnerability. More
details can be found at:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03128469
- -- Disclosure Timeline:
2011-04-04 - Vulnerability reported to vendor
2012-01-05 - Coordinated public release of advisory
- -- Credit:
This vulnerability was discovered by:
* Andrea Micalizzi aka rgod
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
-----END PGP SIGNATURE-----
--- End Message ---
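Added example, not part of the forwarded advisories and not HP's code: ZDI-11-354 and ZDI-12-001 both describe a request parameter reaching a file operation with NUL bytes or traversal sequences intact. The sketch below shows the server-side check that closes both, written in C for illustration; the function names, the allowlist and the sample inputs are assumptions constructed here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum name_status {
    NAME_OK = 0,
    NAME_BAD_ENCODING,  /* malformed %XX escape or bad arguments */
    NAME_EMBEDDED_NUL,  /* decoded data contains a 0x00 byte */
    NAME_TRAVERSAL,     /* separator, drive colon, or leading/trailing dot */
    NAME_BAD_CHAR,      /* byte outside the allowlist */
    NAME_EMPTY,
    NAME_TOO_LONG
};

static int hexval(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Percent-decode src into dst exactly once. The decoded length is returned
 * explicitly so a decoded 0x00 stays visible as data instead of silently
 * ending the string. Returns -1 on a malformed escape, -2 if dst is full. */
static long pct_decode(const char *src, unsigned char *dst, size_t dstsz)
{
    size_t n = 0;
    for (size_t i = 0; src[i] != '\0'; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c == '%') {
            int hi = hexval((unsigned char)src[i + 1]);
            if (hi < 0) return -1;          /* also stops at end of input */
            int lo = hexval((unsigned char)src[i + 2]);
            if (lo < 0) return -1;
            c = (unsigned char)(hi * 16 + lo);
            i += 2;
        }
        if (n == dstsz) return -2;
        dst[n++] = c;
    }
    return (long)n;
}

static int allowed(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
}

/* Validate a client-supplied file name before it is joined to a base
 * directory. On success the decoded name is copied to out. */
enum name_status validate_upload_name(const char *raw, char *out, size_t outsz)
{
    unsigned char dec[128];
    long n;

    if (raw == NULL || out == NULL || outsz == 0) return NAME_BAD_ENCODING;
    out[0] = '\0';
    n = pct_decode(raw, dec, sizeof dec);
    if (n == -1) return NAME_BAD_ENCODING;
    if (n == -2) return NAME_TOO_LONG;
    if (n == 0) return NAME_EMPTY;

    for (long i = 0; i < n; i++) {
        if (dec[i] == 0x00) return NAME_EMBEDDED_NUL;
        if (dec[i] == '/' || dec[i] == '\\' || dec[i] == ':') return NAME_TRAVERSAL;
        /* A doubly encoded escape decodes to a literal '%' and fails here. */
        if (!allowed(dec[i])) return NAME_BAD_CHAR;
    }
    /* ".", ".." and names with a trailing dot are never plain file names. */
    if (dec[0] == '.' || dec[n - 1] == '.') return NAME_TRAVERSAL;
    if ((size_t)n + 1 > outsz) return NAME_TOO_LONG;

    memcpy(out, dec, (size_t)n);
    out[n] = '\0';
    return NAME_OK;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the advisories. */
    const char *samples[] = { "job_42.prn", "job.prn%00.txt",
                              "..%2F..%2Fjob.prn", "%252e%252e" };
    char out[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s -> status %d\n", samples[i],
               (int)validate_upload_name(samples[i], out, sizeof out));
    return 0;
}
```

The check runs on the decoded bytes with an explicit length, which is what keeps a NUL from hiding the rest of the name from the validator while the file API sees only the part before it.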
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ZDI-12-002 : HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-002
January 5, 2012
- -- CVE ID:
CVE-2011-3167
- -- CVSS:
10, AV:N/AC:L/Au:N/C:C/I:C/A:C
- -- Affected Vendors:
Hewlett-Packard
- -- Affected Products:
Hewlett-Packard OpenView Network Node Manager
- -- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 11952.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
- -- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of OpenView Network Node Manager.
Authentication is not required to exploit this vulnerability.
The specific flaw exists within ov.dll. When processing a user supplied
file name for the textFile option, there exists an insufficient boundary
check before supplying the value to a format string within _OVBuildPath,
causing a stack overflow. This can lead to memory corruption which can
be leveraged to execute arbitrary code under the context of the target
service.
- -- Vendor Response:
Hewlett-Packard has issued an update to correct this vulnerability. More
details can be found at:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03054052
- -- Disclosure Timeline:
2011-05-12 - Vulnerability reported to vendor
2012-01-05 - Coordinated public release of advisory
- -- Credit:
This vulnerability was discovered by:
* Aniway (Aniway.Anyway@gmail.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
-----END PGP SIGNATURE-----
--- End Message ---
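Added example, not part of the forwarded advisory and not code from ov.dll: ZDI-12-002 describes a file name reaching a format string without a sufficient boundary check. The sketch below puts that pattern beside a bounded version and shows why checking the input length alone is not enough once the format adds a prefix. All names, the base directory and the buffer sizes are assumptions constructed here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum bp_status { BP_OK = 0, BP_BAD_ARG, BP_TOO_LONG };

#define PATH_BYTES 64   /* constructed size, small so the boundary is visible */

/* The unbounded pattern, for contrast only: sprintf writes as many bytes as
 * the formatted result needs, regardless of how large out really is. */
void build_path_unchecked(char *out, const char *dir, const char *file)
{
    sprintf(out, "%s\\%s", dir, file);
}

/* An insufficient check: the input fits the buffer on its own, but the
 * format string also contributes the directory and the separator. */
int input_only_check(const char *file, size_t bufsz)
{
    return strlen(file) < bufsz;
}

/* Bounded version: let snprintf report the length the full result needs
 * and reject anything that would have been truncated. */
enum bp_status build_path_checked(char *out, size_t outsz,
                                  const char *dir, const char *file)
{
    int n;

    if (out == NULL || outsz == 0 || dir == NULL || file == NULL)
        return BP_BAD_ARG;
    n = snprintf(out, outsz, "%s\\%s", dir, file);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';          /* never hand back a truncated path */
        return BP_TOO_LONG;
    }
    return BP_OK;
}

/* Hypothetical request handler: resolves a client-supplied file name under
 * a fixed base directory and returns an HTTP-like status code. */
int handle_text_file(const char *text_file, char *resolved, size_t resolved_sz)
{
    char path[PATH_BYTES];
    size_t len;

    if (text_file == NULL || resolved == NULL)
        return 400;
    if (build_path_checked(path, sizeof path, "C:\\reports", text_file) != BP_OK)
        return 400;             /* reject instead of overflowing the stack */
    len = strlen(path);
    if (len + 1 > resolved_sz)
        return 500;
    memcpy(resolved, path, len + 1);
    return 200;
}

int main(void)
{
    char resolved[128];
    char longname[61];

    /* Constructed inputs: one ordinary name, one 60-byte name. */
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    printf("short name      -> %d\n",
           handle_text_file("q1.txt", resolved, sizeof resolved));
    printf("60-byte name    -> %d (input-only check says %s)\n",
           handle_text_file(longname, resolved, sizeof resolved),
           input_only_check(longname, PATH_BYTES) ? "fits" : "too long");
    return 0;
}
```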
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ZDI-12-003 : HP OpenView NNM webappmon.exe parameter Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-003
January 5, 2012
- -- CVE ID:
CVE-2011-3166
- -- CVSS:
10, AV:N/AC:L/Au:N/C:C/I:C/A:C
- -- Affected Vendors:
Hewlett-Packard
- -- Affected Products:
Hewlett-Packard OpenView Network Node Manager
- -- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 11943.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
- -- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of OpenView Network Node Manager.
Authentication is not required to exploit this vulnerability.
The specific flaw exists within the webappmon.exe CGI program. When
processing crafted parameters, there exists an insufficient boundary
check before supplying a format string with the values, causing a stack
overflow. This can lead to memory corruption which can be leveraged to
execute arbitrary code under the context of the target service.
- -- Vendor Response:
Hewlett-Packard has issued an update to correct this vulnerability. More
details can be found at:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03054052
- -- Disclosure Timeline:
2011-05-12 - Vulnerability reported to vendor
2012-01-05 - Coordinated public release of advisory
- -- Credit:
This vulnerability was discovered by:
* Aniway (Aniway.Anyway@gmail.com)
--- End Message ---
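The bug class described in ZDI-12-003, shown as an added illustration that is not HP's code and not part of the advisory: a CGI handler formats a request parameter into a fixed-size stack buffer. The function names, buffer sizes and message template are assumptions; the hardened form checks the length first, bounds the write and treats truncation as an error.

```c
#include <stdio.h>
#include <string.h>

#define MSG_BUF   128  /* assumed size of the handler's stack buffer */
#define PARAM_MAX 64   /* assumed longest legitimate parameter value */

/* Vulnerable pattern (shown for contrast, never called here): nothing limits
 * strlen(param), so sprintf() can write past the end of msg[] on the stack. */
size_t format_status_unsafe(const char *param)
{
    char msg[MSG_BUF];
    sprintf(msg, "status for node '%s' unavailable", param);
    return strlen(msg);
}

/* Length of s, looking at no more than max bytes. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0') n++;
    return n;
}

/* Hardened form: validate the length first, bound the write, and treat
 * truncation as an error. Returns the message length, or -1 on rejection
 * (out is then an empty string). */
int format_status_safe(const char *param, char *out, size_t outlen)
{
    if (param == NULL || out == NULL || outlen == 0) return -1;
    out[0] = '\0';
    if (bounded_len(param, PARAM_MAX + 1) > PARAM_MAX) return -1;

    /* param is only ever an argument to a constant format string. */
    int n = snprintf(out, outlen, "status for node '%s' unavailable", param);
    if (n < 0 || (size_t)n >= outlen) {   /* n is the length it needed */
        out[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    char out[MSG_BUF], longval[400];   /* constructed sample inputs */
    memset(longval, 'A', sizeof longval - 1);
    longval[sizeof longval - 1] = '\0';
    printf("%d\n", format_status_safe("node-01", out, sizeof out));
    printf("%d\n", format_status_safe(longval, out, sizeof out));
    return 0;
}
```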
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03102449
Version: 3
HPSBPI02728 SSRT100692 rev.3 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-11-30
Last Updated: 2012-01-09
Potential Security Impact: Remote firmware update enabled by default
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware.
References: CVE-2011-4161
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Please refer to the RESOLUTION below for a list of impacted products.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                     Base Score
CVE-2011-4161    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
Note: For further information on Secure Printing and Imaging please refer to http://www.hp.com/go/secureprinting
Remote Firmware Update (RFU): The Remote Firmware Update (RFU) feature is enabled by default. A firmware update can be sent remotely to port 9100 without authentication. This could allow unauthorized modification of the device firmware. The unauthorized firmware could impact the confidentiality and integrity of data sent to and received from the device. The unauthorized firmware could also cause a Denial of Service (DoS) to the device.
RESOLUTION
The following steps can be taken to avoid unauthorized firmware updates:
 - Update the firmware to a version that implements code signing
 - Disable the Remote Firmware Update
The code signing feature verifies that firmware updates are properly signed. This will prevent the installation of invalid firmware updates.
Note: A firmware update may be required to allow the RFU to be disabled or to implement code signing. Code signing is not available on all the affected devices. Please refer to the following table.
Product | Firmware Update Required to Allow Disabling RFU | Firmware Update Required for Code Signing
HP LaserJet Enterprise 500 color M551 | No update required | No update required
HP LaserJet Enterprise 600 M601 | No update required | No update required
HP LaserJet Enterprise 600 M602 | No update required | No update required
HP LaserJet Enterprise 600 M603 | No update required | No update required
HP Color LaserJet CM1312 Multifunction Printer | 20111209 or later | Code signing not available
HP LaserJet Pro CM1415 Color Multifunction Printer | 20111215 or later | No update required
HP Color LaserJet CP1510 | 20111209 or later | Code signing not available
HP LaserJet M1522 Multifunction Printer | 20111212 or later | Code signing not available
HP LaserJet Pro CP1525 Color Printer | 20111215 or later | No update required
HP LaserJet Pro M1536 Multifunction Printer | 20111215 or later | No update required
HP Color LaserJet CP2025 | 20111208 or later | Code signing not available
HP LaserJet P2035 | 20111213 or later | Code signing not available
HP LaserJet P2055 | 20111214 or later | Code signing not available
HP Color LaserJet CM2320 Multifunction Printer | 20111209 or later | Code signing not available
HP LaserJet M2727 Multifunction Printer | 20111212 or later | Code signing not available
HP Color LaserJet 3000 | No update required | Code signing not available
HP LaserJet P3005 | No update required | Code signing not available
HP LaserJet Enterprise P3015 | No update required | 20011213 07.130.0B or later
HP LaserJet M3027 Multifunction Printer | No update required | 20111212 48.240.0B or later
HP LaserJet M3035 | No update required | 20111212 48.240.0B or later
HP Color LaserJet CP3505 | No update required | Code signing not available
HP Color LaserJet CP3525 | No update required | 20111212 06.130.0B or later
HP Color LaserJet CM3530 | No update required | 20111213 53.170.1B or later
HP Color LaserJet 3800 | No update required | Code signing not available
HP Color LaserJet CP4005 | No update required | Code signing not available
HP LaserJet P4014 | No update required | 20111214 04.160.2B or later
HP LaserJet P4015 | No update required | 20111214 04.160.2B or later
HP LaserJet 4240 | No update required | Code signing not available
HP LaserJet 4250 | No update required | Code signing not available
HP LaserJet M4345 Multifunction Printer | No update required | 20111212 48.240.0B or later
HP LaserJet 4350 | No update required | Code signing not available
HP LaserJet P4515 | No update required | 20111214 04.160.2B or later
HP Color LaserJet Enterprise CP4525 | No update required | 20111213 07.110.2B or later
HP Color LaserJet Enterprise CM4540 Multifunction Printer | No update required | No update required
HP LaserJet Enterprise M4555 Multifunction Printer | No update required | No update required
HP Color LaserJet 4700 | No update required | Code signing not available
HP Color LaserJet 4730 Multifunction Printer | No update required | Code signing not available
HP Color LaserJet CM4730 Multifunction Printer | No update required | 20111212 50.220.1B or later
HP LaserJet M5025 Multifunction Printer | No update required | 20111212 48.240.0B or later
HP LaserJet M5035 Multifunction Printer | No update required | 20111212 48.240.0B or later
HP LaserJet 5200L | No update required | 20111214 08.180.1B or later
HP LaserJet 5200N | No update required | 20111214 08.180.1B or later
HP Color LaserJet Professional CP5225 Printer | 20111206 or later | Code signing not available
HP Color LaserJet CP5525 | No update required | No update required
HP Color LaserJet 5550 | No update required | Code signing not available
HP Color LaserJet CP6015 | No update required | 20111212 04.150.0B or later
HP Color LaserJet CM6030 | No update required | 20111212 52.190.1B or later
HP Color LaserJet CM6040 | No update required | 20111212 52.190.1B or later
HP CM8060 Color Multifunction Printer with Edgeline | No update required | Code signing not available
HP LaserJet 9040 | No update required | 20111213 08.220.1B or later
HP LaserJet M9040 Multifunction Printer | No update required | 20111212 51.190.1B or later
HP LaserJet 9050 | No update required | 20111213 08.220.1B or later
HP LaserJet M9050 Multifunction Printer | No update required | 20111212 51.190.1B or later
HP 9200c Digital Sender | No update required | Code signing not available
HP 9250c Digital Sender | No update required | 20111219 48.230.0B or later
HP Color LaserJet 9500 | No update required | Code signing not available
How to Disable the Remote Firmware Update (RFU)
For instructions about how to disable the RFU please refer to the following document: Configuring Remote Firmware Update on HP Printers and Multifunction Devices
The document is available using ftp:
ftp.usa.hp.com
account: sb02728
password: Secure12
or
ftp://sb02728:Secure12@ftp.usa.hp.com/
File name: Configuring Remote Firmware Update on HP Printing Devices.pdf
How to Download a Firmware Update
The table above contains links for required firmware updates. Firmware updates for any of the products can also be downloaded as follows.
Browse to www.hp.com/go/support then:
 1. Select "Drivers & Software"
 2. Enter the product name listed in the table above into the search field
 3. Click on "Search"
 4. If the search returns a list of products click on the appropriate product
 5. Under "Select operating system" click on "Cross operating system (BIOS, Firmware, Diagnostics, etc.)"
    If the "Cross operating system ..." link is not present, select any Windows operating system from the list.
 6. Select the appropriate firmware update under "Firmware"
HISTORY
Version:1 (rev.1) - 30 November 2011 Initial release
Version:2 (rev.2) - 23 December 2011 Code signing firmware available
Version:3 (rev.3) - 9 January 2012 Combined tables
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03140700
Version: 1
HPSBPI02733 SSRT100646 rev.1 - Certain HP LaserJet Printers, Remote Unauthorized Access to Files
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-01-09
Last Updated: 2012-01-09
Potential Security Impact: Remote unauthorized access to files
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with certain HP LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to files.
References: CVE-2011-4785, DDIVRT-2011-37
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP LaserJet P3015 with firmware prior to 07.080.3
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                     Base Score
CVE-2011-4785    (AV:N/AC:L/Au:N/C:C/I:N/A:N)    7.8
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks the Digital Defense, Inc. (DDI) Vulnerability Research Team (VRT) for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has provided the following firmware to resolve the vulnerability.
Product | Resolved in Firmware Version
HP LaserJet P3015 | 07.080.3 or later
How to Download a Firmware Update
The table above contains the link for the required firmware update. Firmware updates can also be downloaded as follows.
Browse to www.hp.com/go/support then:
 1. Select "Drivers & Software"
 2. Enter the product name listed in the table above into the search field
 3. Click on "Search"
 4. If the search returns a list of products click on the appropriate product
 5. Under "Select operating system" click on "Cross operating system (BIOS, Firmware, Diagnostics, etc.)"
    If the "Cross operating system ..." link is not present, select any Windows operating system from the list.
 6. Select the appropriate firmware update under "Firmware"
HISTORY
Version:1 (rev.1) - 9 January 2012 Initial release
--- End Message ---
--- Begin Message ---
Title: DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785)
Severity: High
Date Discovered: 2011-10-12
Discovered By: Digital Defense, Inc. Vulnerability Research Team
Credited To: sxkeebler and r@b13$
Vulnerability Description:
The HP-ChaiSOE/1.0 embedded web server on certain HP JetDirect
printers allows a potential attacker to gain read only access to
directories and files outside of the web root, different from
CVE-2008-4419. An attacker can leverage this flaw to read arbitrary
system configuration files, cached documents, etc. Information
obtained from an affected host may facilitate further attacks against
the host. Exploitation of this flaw is trivial using common web server
directory traversal techniques.
Solution Description:
At this time, the vendor has been notified of the vulnerability and has
released a patch which addresses the issue for HP LaserJet P3015.
https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03140700
Tested Systems / Software:
HP LaserJet 4650
Current Firmware: 20070419 07.006.0
HP LaserJet P3015
Current Firmware: 20100518 07.050.8 (Outdated)
HP LaserJet 2430
Current Firmware: 20090624 08.113.0_I35128
Vendor Name: HP
Vendor Website: http://www.hp.com/
--- End Message ---
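The server-side containment check whose absence produces the kind of directory traversal described in DDIVRT-2011-37, as an added example that is not HP's code and not part of the advisory. The function names, the /www root used in testing and the 256-byte request limit are assumptions; the resolver decodes the request once, collapses dot segments and rejects anything that would climb above the web root.

```c
#include <string.h>

#define REQ_MAX 256  /* assumed upper bound on a request path */

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Percent-decode exactly once so that encoded dots and slashes are seen by
 * the segment check below. Bad escapes, NUL and backslash are rejected. */
static int decode_once(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        char c = in[i];
        if (c == '%') {
            int hi = hexval(in[i + 1]);
            int lo = hi < 0 ? -1 : hexval(in[i + 2]);
            if (lo < 0) return -1;
            c = (char)(hi * 16 + lo);
            i += 2;
        }
        if (c == '\0' || c == '\\' || o + 1 >= outlen) return -1;
        out[o++] = c;
    }
    out[o] = '\0';
    return 0;
}

/* Map a request path onto a file under `root` (no trailing slash).
 * Returns 0 with the resolved path in `out`, or -1 if the request is
 * malformed or would leave the root; `out` must be ignored on -1. */
int resolve_in_webroot(const char *root, const char *req, char *out, size_t outlen)
{
    char path[REQ_MAX];
    size_t rootlen = strlen(root), len = rootlen;

    if (req[0] != '/' || rootlen + 1 > outlen) return -1;
    if (decode_once(req, path, sizeof path) != 0) return -1;
    memcpy(out, root, rootlen + 1);

    for (const char *seg = path; *seg != '\0'; ) {
        size_t n = strcspn(seg, "/");
        if (n == 2 && seg[0] == '.' && seg[1] == '.') {
            if (len == rootlen) return -1;       /* would climb above root */
            while (out[len - 1] != '/') len--;   /* drop the last segment */
            out[--len] = '\0';                   /* and its leading slash */
        } else if (n > 0 && !(n == 1 && seg[0] == '.')) {
            if (len + n + 2 > outlen) return -1; /* '/' + segment + NUL */
            out[len++] = '/';
            memcpy(out + len, seg, n);
            out[len += n] = '\0';
        }
        seg += n;
        if (*seg == '/') seg++;
    }
    return 0;
}
```

A double-encoded sequence such as %252e decodes once to the literal text %2e and stays an ordinary file name, so no later layer may decode the path again.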