Hot fix
A potential security vulnerability has been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows. The vulnerability could be exploited remotely to download arbitrary files.
References: CVE-2010-3286
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Systems Insight Manager (SIM) for HP-UX, Linux v6.0 prior to September 2010 Hotfix
HP Systems Insight Manager (SIM) for HP-UX, Linux v6.1 prior to September 2010 Hotfix
HP Systems Insight Manager (SIM) for Windows v6.0 prior to September 2010 Hotfix or prior to v6.0 Update 2
HP Systems Insight Manager (SIM) for Windows v6.1 prior to September 2010 Hotfix or prior to v6.1 Update 2
BACKGROUND
HP-UX B.11.23
HP-UX B.11.31
===========
OVO-CLT.OVO-UX11-CLT
action: install revision 3.10.040 or subsequent
URL: http://quixy.deu.hp.com/hotfix/d.php?P=lcore&N=SSRT061260+OpenView+Shared+Trace+Service&V=2.1
OVO-CLT.OVO-UXIA-CLT
action: install revision 3.10.040 or subsequent
URL: http://quixy.deu.hp.com/hotfix/d.php?P=lcore&N=SSRT061260+OpenView+Shared+Trace+Service&V=2.1
RESOLUTION
HP has provided the following software updates to resolve the vulnerability.
The updates can be downloaded from http://www.hp.com/go/hpsim
Hot Fix Update Kit for HP SIM 5.3 - HP-UX
Hot Fix Update Kit for HP SIM 6.0 - HP-UX
Hot Fix Update Kit for HP SIM 5.3 - Linux
The Hewlett-Packard Company thanks Stephen Fewer of Harmony Security along with TippingPoint's Zero Day Initiative for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has made a hotfix available to resolve the vulnerability for HP OpenView Performance Insight Server v5.4 and v5.41.
Note: A new hotfix is available. It supersedes the previous hotfix. The new hotfix is required even if the previous hotfix has been installed.
For HP OpenView Performance Insight Server v5.4 and v5.41
+------------------
Panda Advisory
http://www.pandasecurity.com/homeusers/support/card?id=80173&idIdioma=2
Panda Global Protection 2010 Hotfix
http://www.pandasecurity.com/resources/sop/PGP10/hfgp30906s22_r4.exe
Panda Internet Security 2010 Hotfix
http://www.pandasecurity.com/resources/sop/PIS10/hfp150906s25_r1.exe
The Hewlett-Packard Company thanks Sebastien Renaud of VUPEN Vulnerability Research Team for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has made hotfixes available to resolve the vulnerabilities for NNM v7.53.
OV NNM v7.53
The hotfix files are available using ftp:
Independently of the data network access used by the mobile device, at some point the web traffic will enter the public Internet in the clear (unencrypted), where it can be intercepted by anyone with access to capture the traffic on any of the intermediate network segments between the mobile device and Twitter.
The fact that Twitter credentials can be easily eavesdropped has a pretty significant impact: most users assume other users' credentials have not been hijacked, and therefore blindly trust tweets (or microblog/blog posts) coming from trusted parties (their friends, people they frequently follow, public personalities...). Twitter account hijacking can be used for web-based and client-based targeted attacks (especially through the use of short URLs), and can cause significant damage to the image and credibility of the victim user.
While analyzing in-depth the affected HTC Peep version and the version associated to the temporary hotfix provided by HTC, we collected the following details from the Windows Mobile registry:
[HKEY_LOCAL_MACHINE\Software\OEM\MASD]
"Manila_Twitter"="2_5_19212224_0"
[HKEY_LOCAL_MACHINE\Drivers\BuiltIn\HotFix]
Solution:
---------
The following patches have been supplied by Check Point:
- Hotfix for R65.70
- Hotfix for R70.40
- Hotfix for R71.30
- Hotfix for R75
- Hotfix for Connectra R66.1
- Hotfix for Connectra R66.1n
The Hewlett-Packard Company thanks Sebastien Renaud of VUPEN Vulnerability Research Team for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has made a hotfix available to resolve the vulnerability.
OV NNM v7.53
The hotfix is available using ftp:
Managed Cisco Security Agents
+----------------------------
Fixed software for managed Cisco Security Agents is available in the
form of hotfixes. The following table contains hotfix information for
the current supported versions of Cisco Security Agent. Future versions
of Cisco Security Agent will have the fix included.
+----------------------------------------+
| Affected Cisco Security | Hotfix |
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made hotfixes available to resolve these vulnerabilities for NNMi v9.0x and NNMi v8.1x. The hotfixes can be obtained by contacting the normal HP Services support channel.
For NNMi 9.0x
Operating System
Hotfix Identifier
The Hewlett-Packard Company thanks Tenable Network Security for reporting CVE-2011-2410 to security-alert@hp.com.
RESOLUTION
HP has made a hotfix available to resolve the vulnerabilities for HP OpenView Performance Insight v5.41.002.
For HP OpenView Performance Insight v5.3, v5.31, v5.4, v5.41, v5.41.001, v5.41.002
32-bit Version
Then, fval will run any file in the
%SystemDrive%\%ProgramFiles%\Flexvision\Plugins directory.
By default, Windows fval has several 32bit Portable Executable (.EXE)
files to provide inventory data to the central console, but most
interesting is the hotfix.exe file, which lists all the installed
HotFixes on the host:
-----------------------------------------------------------------------
vrh@victim01:~$ telnet 192.168.1.2 3810
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made a hotfix available to resolve this vulnerability. The hotfix can be obtained by contacting the normal HP Services support channel. The hotfix identifier is QCCR1B87364.
Before installing the hotfix ensure that the following patches have been installed.
NNMi v9.0x Required Patches
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made a hotfix available to resolve this vulnerability. The hotfix can be obtained by contacting the normal HP Services support channel. The hotfix identifier is QCCR1B87365.
Before installing the hotfix ensure that the following patches have been installed.
NNMi v9.0x Required Patches
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made hotfixes available to resolve this vulnerability. The hotfixes can be obtained by contacting the normal HP Services support channel.
NNMi Version
Hotfix Identifier
NNMi v9.0x
Affected Software: Panda Internet Security 2008
Panda Antivirus+Firewall 2008
Remotely Exploitable: No
Locally Exploitable: Yes
Vendor URL: http://www.pandasecurity.com
Vendor Status: Vendor has released a hotfix
Patch development time: 60 days
======================
Vulnerability details:
Recommendation:
RSA strongly recommends that all customers running RSA Access Manager Server versions 5.5.3, 6.0.4, and 6.1 apply the following security hot fixes, which contain the resolution to this issue, at the earliest opportunity. The hotfix can be downloaded from SecurCare Online or by contacting RSA Security Customer Support.
•Security Hot fix # 5.5.3.173 for RSA Access Manager Server version 5.5.3
•Security Hot fix # 6.0.4.58 for RSA Access Manager Server version 6.0.4
•Security Hot fix # 6.1.2.06 for RSA Access Manager Server version 6.1.2
•Security Hot fix # 6.1.3.01 for RSA Access Manager Server version 6.1.3
RESOLUTION
HP OpenView Reporter v3.7
HP has provided a hotfix to resolve this vulnerability for HP OpenView Reporter v3.7. Please contact the normal HP Services support channel and request the LCore - XPL Hotfix: "Trace Service crashes due to improper handling of Trace Event Message."
HP Reporter v3.8
HP has provided a hotfix to resolve this vulnerability for HP Reporter v3.8. Please contact the normal HP Services support channel and request the LCore - XPL Hotfix: "Hotfix XPL 6.0."
Summary:
RSA(r) Federated Identity Manager may be impacted by a potential arbitrary
URL redirection vulnerability that may be exploited by malicious people
to bypass certain security restrictions. Security hot fix [hot fix
numbers, see below], containing the resolution to this issue, should be
applied at the earliest opportunity.
The Hewlett-Packard Company thanks Stephen Fewer of Harmony Security along with TippingPoint's Zero Day Initiative for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has made a hotfix available to resolve the vulnerability for HP OpenView Performance Insight Server v5.4 and v5.41.
For HP OpenView Performance Insight Server v5.4 and v5.41
Contact the normal HP Services support channel to request the "5.41.002 piweb HF02" hotfix.
ESA-2011-035: RSA, The Security Division of EMC, announces the release of Hotfix 6 with security updates for RSA Key Manager Appliance 2.7 Service Pack 1
Advisories
Updated October 28, 2011
Summary:
This issue has been assigned CVE-2007-5741
Affected versions
-----------------
This hotfix applies to Plone 2.5 up to and including 2.5.4, and Plone 3.0 up
to and including 3.0.2.
These fixes will be included in the upcoming 2.5.5 and 3.0.3 releases, at
which point this hotfix can be removed.
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made a hotfix available to resolve the vulnerability for HP Performance Insight v5.41.002. The hotfix can be obtained by contacting the normal HP Services support channel.
Upgrade to HP Performance Insight v5.41.002
Apply the HF04 / QCCR1B88272 hotfix
The following patches upgrade v5.4 and v5.41 to v5.41.002.
attributes onMouseOver too. However, these are usually not capable of
identifying highly optimized payload.
VI. SOLUTION
Check Point provides a hotfix for the vulnerability which should be
installed on vulnerable systems
VII. VENDOR RESPONSE
Check Point acknowledged the problem and provides a hotfix for the
Hi all;
It has been brought to our attention that a number of security
vulnerabilities have been noted in SQL-Ledger. Several of these
affect earlier versions of LedgerSMB, and three hotfixes have been
released for problems that continue to affect the LedgerSMB codebase.
As always, we highly recommend testing all hotfixes before applying
them to a production environment.
Recommendation:
We strongly recommend that RSA customers should obtain the following hot fixes:
RSA AAOP 6.0.2.1 SP1 Patch 2 customers should obtain Hotfix 430 from SecurCare Online.
RSA AAOP 6.0.2.1 SP1 Patch 3 customers should obtain Hotfix 130 from SecurCare Online.
RSA AAOP 6.0.2.1 SP2 customers should obtain Hotfix 360 from SecurCare Online.
RSA AAOP 6.0.2.1 SP2 Patch 1 customers should obtain Hotfix 140 from SecurCare Online.