IBM AIX
(rpc.ttdbserverd), which when properly exploited can lead to remote compromise
of the vulnerable system.
This vulnerability was confirmed by us in the following versions of operating
systems; other operating systems and versions may also be affected.
IBM AIX Version 6.1.3
IBM AIX Version 6.1.2
IBM AIX Version 6.1.1
IBM AIX Version 6.1.0
IBM AIX Version 5.3.10
IBM AIX Version 5.3.9
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02535850
Version: 1
HPSBMA02596 SSRT100271 rev.1 - HP AssetCenter and HP AssetManager for AIX, HP-UX, Linux, Solaris and Windows, Remote Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-10-18
Last Updated: 2010-10-18
Unicenter Workload Control Center r11
Apply the update below that is listed for your platform (note that
URLs may wrap):
AIX [3.0.3 (r64.us5/211)]
ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12833-r64-us5.tar.z
HP-UX Itanium [3.0.3 (i64.hpu/211)]
ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12831-i64-hpu.tar.z
IBM AIX swcons Local Arbitrary File Access Vulnerability
iDefense Security Advisory 10.30.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 30, 2007
I. BACKGROUND
The swcons program is a set-uid root application which is installed by
default on IBM AIX. It allows for console logs to be temporarily logged
IBM AIX dig dns_name_fromtext Integer Underflow Vulnerability
iDefense Security Advisory 10.30.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 30, 2007
I. BACKGROUND
dig is a utility that is commonly used for DNS diagnostics. Under AIX
5.2, the dig program is installed by default and is set-uid root. More
IBM AIX 5.2 crontab BSS Buffer Overflow Vulnerability
iDefense Security Advisory 10.30.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 30, 2007
I. BACKGROUND
The crontab program is a user utility that enables users to create,
remove, and edit cron jobs. The cron jobs will then later be executed,
IBM AIX capture Terminal Control Sequence Buffer Overflow Vulnerability
iDefense Security Advisory 07.26.07
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 26, 2007
I. BACKGROUND
The capture program is a setuid root application, installed by default
under multiple versions of IBM AIX, that allows terminal sessions to be
IBM AIX pioout Arbitrary Library Loading Vulnerability
iDefense Security Advisory 07.26.07
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 26, 2007
I. BACKGROUND
The pioout program is a setuid root application, installed by default
under multiple versions of IBM AIX, that is used to interface with the
IBM AIX lquerypv Stack Buffer Overflow Vulnerability
iDefense Security Advisory 10.30.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 30, 2007
I. BACKGROUND
The lquerypv utility is used to examine the properties of a physical
volume in a volume group. It is installed set-uid root by default on
IBM AIX lqueryvg Stack Buffer Overflow Vulnerability
iDefense Security Advisory 10.30.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 30, 2007
I. BACKGROUND
The lqueryvg utility is used to examine the properties of disk volume
groups. It is installed set-uid root by default on multiple versions of
IBM AIX ftp domacro Parameter Buffer Overflow Vulnerability
iDefense Security Advisory 10.30.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 30, 2007
I. BACKGROUND
The ftp program is a client application for accessing data stored on FTP
servers. This client is responsible for interfacing with users and
IBM AIX bellmail Stack Buffer Overflow Vulnerability
iDefense Security Advisory 10.30.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 30, 2007
I. BACKGROUND
bellmail is a mail user-agent (MUA) and is commonly used for accessing
locally stored electronic mail messages. Under AIX, the bellmail
IBM AIX ftp gets() Multiple Buffer Overflow Vulnerabilities
iDefense Security Advisory 07.26.07
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 26, 2007
I. BACKGROUND
The ftp program is a client application for accessing data stored on FTP
servers. This client is responsible for interfacing with users and
9. *Report Timeline*
. 2009-10-23:
Core Security Technologies sends an email to IBM AIX Security team
requesting a security point of contact to report security bugs in
SolidDB and asks whether the report should be sent to SolidDB security
instead.
. 2009-10-27:
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 07, 2009
I. BACKGROUND
IBM's AIX is a Unix operating system based on System V, which runs on
the PowerPC (PPC) architecture. For more information, visit the product
web site at the following URL.
http://www.ibm.com/systems/power/software/aix/index.html
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02076821
Version: 1
HPSBMA02538 SSRT100136 rev.1 - HP ServiceCenter Running on AIX, HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-06-02
Last Updated: 2010-06-02
address! :)'
else:
createMaliciousFile(argv[1])
*Report Timeline*
2007-09-13: Email to IBM AIX security requesting security contact
information for Lotus Notes
2007-09-14: Reply from IBM AIX security team with contact information of
the IBM Lotus Notes security team
2007-09-17: Email to IBM Lotus Notes security notifying Core’s intent to
report the vulnerability in Lotus Notes and Autonomy’s KeyView SDK and
A potential vulnerability has been identified with HP OpenView Configuration Management (CM) Infrastructure (Radia) and Client Configuration Manager (CCM) running httpd.tkd. The vulnerability could be exploited to allow remote unauthorized access to data.
References: CVE-2007-5413
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Configuration Management (CM) Infrastructure (Radia) v4.0, v4.1, v4.2, v4.2i running httpd.tkd on Windows, HP-UX, AIX, Solaris, and Linux.
HP OpenView Client Configuration Manager (CCM) v2.0 running httpd.tkd on Windows.
BACKGROUND
The Hewlett-Packard Company thanks an anonymous researcher working with TippingPoint (www.tippingpoint.com) and the Zero Day Initiative (www.zerodayinitiative.com) for reporting this to security-alert@hp.com.
Jan 23, 2008
I. BACKGROUND
The pioout program is a set-uid root application, installed by default
under multiple versions of IBM AIX, that is used to interface with the
printer driver. For more information, visit the following URL.
http://publib.boulder.ibm.com/infocenter/pseries/v5r3/topic/com.ibm.aix.cmds/doc/aixcmds4/pioout.htm
II. DESCRIPTION
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01373684
Version: 1
HPSBGN02315 SSRT071487 rev.1 - HP TestDirector for Quality Center running on AIX, Linux and Solaris, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-05-25
Last Updated: 2010-05-25
http://labs.idefense.com/intelligence/vulnerabilities/
May 19, 2009
I. BACKGROUND
IBM's AIX is a Unix operating system based on System V, which runs on
the PowerPC (PPC) architecture. For more information, visit the product
web site at the following URL.
http://www.ibm.com/systems/power/software/aix/index.html
Impact: A remote attacker can exploit a buffer overflow to gain
apache privileges, or cause a denial of service.
Summary: CA ARCserve Backup on Solaris, Tru64, HP-UX, and AIX
contains multiple vulnerabilities in the Apache HTTP Server
version as shipped with ARCserve Backup. CA has issued updates
that contain version 2.0.63 of the Apache HTTP Server to address
the vulnerabilities. Refer to the References section for a list of
resolved issues by CVE identifier.
A potential security vulnerability has been identified in HP OpenView Operations (OVO) Agents running Shared Trace Service. The vulnerability could be remotely exploited to execute arbitrary code.
References: CVE-2007-3872
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView OVO Agents OVO8.x HTTPS agents on AIX, HP-UX (IA and PA), HP Tru64 Unix, Solaris, and Windows running Shared Trace Service.
BACKGROUND
Note: HP OpenView Operations (OVO) requires HP OpenView Network Node Manager (OV NNM) on the OVO server. OVO will install OV NNM if it is not already present. OV NNM requires the installation of certain patches to be compatible with the resolution discussed below. To ensure correct operation the recommendations of Security Bulletin HPSBMA02242 SSRT061260 must be implemented before the recommendations of this Security Bulletin.
Sun Solaris 9 SPARC (64 bit only)
Sun Solaris 10 SPARC (64 bit only)
HP/UX 11.11 PA-RISC (64 bit only)
HP/UX 11.23 PA-RISC (64 bit only)
HP/UX 11.31 PA-RISC (64 bit only)
AIX 5.2 (64 bit only)
AIX 5.3 (64 bit only)
Status and Recommendation:
CA CMDB 11.0 and CA CMDB 11.1 users should upgrade to CA CMDB
Potential vulnerabilities have been identified with HP Project and Portfolio Management Center (PPMC) formerly known as Mercury IT Governance. The vulnerabilities could be exploited remotely to allow cross site scripting (XSS)
References: CVE-2010-0452
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Project and Portfolio Management Center (PPMC) 7.5 SP3 and earlier running on AIX, HP-UX, Redhat Linux, Suse Linux, Solaris and Windows Server.
HP Project and Portfolio Management Center (PPMC) 7.1 SP10 and earlier running on AIX, HP-UX, Redhat Linux, Suse Linux, Solaris and Windows Server.
BACKGROUND
CVSS 2.0 Base Metrics
A potential security vulnerability has been identified in HP OpenView Operations (OVO) Agents running Shared Trace Service. The vulnerability could be remotely exploited to execute arbitrary code.
References: -> CVE-2007-3872
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView OVO Agents OVO8.x HTTPS agents on AIX, HP-UX (IA and PA), HP Tru64 Unix, Solaris, and Windows running Shared Trace Service.
BACKGROUND
-> Note: HP OpenView Operations (OVO) requires HP OpenView Network Node Manager (OV NNM) on the OVO server. OVO will install OV NNM if it is not already present. OV NNM requires the installation of certain patches to be compatible with the resolution discussed below. To ensure correct operation the recommendations of Security Bulletin HPSBMA02242 SSRT061260 must be implemented before the recommendations of this Security Bulletin.
A potential security vulnerability has been identified in HP OpenView Operations (OVO) Agents running Shared Trace Service. The vulnerability could be remotely exploited to execute arbitrary code.
References: none
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView OVO Agents OVO8.x HTTPS agents on AIX, HP-UX (IA and PA), Solaris, and Windows.
BACKGROUND
The Hewlett-Packard Company thanks Cody Pierce of TippingPoint DV Labs (dvlabs.tippingpoint.com) for reporting this vulnerability to security-alert@hp.com.
Low
Platforms
Windows, AIX, HP, Sun, Linux
Affected Products
CA Service Desk 12.1
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 04, 2009
I. BACKGROUND
IBM's AIX is a Unix operating system based on System V, which runs on
the PowerPC (PPC) architecture. For more information, visit the product
web site at the following URL.
http://www.ibm.com/systems/power/software/aix/index.html
http://labs.idefense.com/intelligence/vulnerabilities/
Apr 15, 2009
I. BACKGROUND
IBM's AIX is a Unix operating system based on System V, which runs on
the PowerPC (PPC) architecture. For more information, visit the product
web site at the following URL.
http://www.ibm.com/systems/power/software/aix/index.html