Security Patch

iDefense Security Advisory 08.21.07: Trend Micro ServerProtect RPCFN_SYNC_TASK Integer Overflow Vulnerability

to the Trend ServerProtect or Trend ServerProtect Agent services.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in
ServerProtect for Windows 5.58 Build 1176 (Security Patch 3). Previous
versions, as well as versions for other platforms, are suspected to be
vulnerable.

V. WORKAROUND


[security bulletin] HPSBGN02298 SSRT071502 rev.1 - HP Quick Launch Button (QLB) Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access

HP has provided the following software patch to resolve this vulnerability: HP SoftPaq SP38166

The patch is available for download from ftp://ftp.hp.com/pub/softpaq/sp38001-38500/. 

Removing or un-installing Quick Launch Button software does not eliminate the vulnerability. HP suggests that _all_ HP notebook PCs have the security patch promptly applied. Installing the security patch will cause a known script error when launching HP Info Center. After installing the security patch, do _not_ install any version of Quick Launch Button software except v6.4 or later (to be available at a future date). This Security Bulletin will be revised when Quick Launch Button software v6.4 is available. If the security patch is installed and Quick Launch Button software v6.3 or earlier is subsequently installed, the notebook PC will again become vulnerable to this concern and the security patch should be re-installed. Other HP Quick Launch Buttons and features are not affected by the installation of this security patch and should continue to function as designed. 

HISTORY 
Version:1 (rev.1) - 14 December 2007 Initial release 

Support: For further information, contact normal HP Services support channel.

iDefense Security Advisory 08.21.07: Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities

to the Trend ServerProtect or Trend ServerProtect Agent services.

IV. DETECTION

iDefense has confirmed the existence of these vulnerabilities in
ServerProtect for Windows 5.58 Build 1176 (Security Patch 3). Previous
versions, as well as versions for other platforms, are suspected to be
vulnerable.

V. WORKAROUND


[security bulletin] HPSBGN02298 SSRT071502 rev.2 - HP Quick Launch Button (QLB) Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access

1. Open a web browser and visit http://www.hp.com 
2. In the Search field, type the applicable SoftPaq number from the list above (SP38166, SP38181, or SP38171). Start the search. 
3. Select an item from the search results. 
4. Select Installation Instructions for further information. 

Note: Removing or un-installing Quick Launch Button software does not eliminate the vulnerability. HP suggests that all HP notebook PCs have the applicable security patch promptly applied. 

->Note (for SP38166 only): Installing SP38166 will cause a known script error when launching HP Info Center. After installing the security patch, do not install any version of Quick Launch Button software except v6.4 or later (to be available at a future date). This Security Bulletin will be revised when Quick Launch Button software v6.4 is available. If the security patch is installed and Quick Launch Button software v6.3 or earlier is subsequently installed, the notebook PC will again become vulnerable to this concern and the security patch should be re-installed. Other HP Quick Launch Buttons and features are not affected by the installation of this security patch and should continue to function as designed. 

HISTORY 
Version:1 (rev.1) - 14 December 2007 Initial release 

ESA-2012-003: EMC SourceOne Web Search Sensitive Information Disclosure Vulnerability.

 
Resolution:

The following EMC SourceOne products contain resolutions to this issue:

EMC SourceOne Web Security Patch 6.5.2.4033 
EMC SourceOne Web Security Patch 6.6.1.2194 
EMC SourceOne Web Security Patch 6.7.2.2033 

A patch, for the appropriate version of the software listed above, should be downloaded from Powerlink and applied to each IIS web server in a customer's deployment. The download includes directions for applying the patch to an IIS web server, depending on which SourceOne components are installed.


Directory Traversal in SafeNet Sentinel Protection Server and Keys Server

First upgrade the Sentinel Driver software to 7.4.0 if you are using an
earlier version.

http://safenet-inc.com/support/files/Sentinel_Protection_Installer_7.4.0.zip

Then install "Security Patch to Sentinel Protection Installer 7.4.0"

http://safenet-inc.com/support/files/SPI740SecurityPatch.zip

EXPLOIT
=======

[DSECRG-08-033] Local File Include Vulnerability in Pixelpost 1.7.1

Solution
********

The vendor fixed this flaw on 27.07.2008. The security patch can be downloaded here:

http://www.pixelpost.org/blog/2008/07/27/pixelpost-171-security-patch/




ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication (On-Premise)

Advisories 
Updated August 11, 2011 


Summary:

ESA-2010-019: RSA, The Security Division of EMC, is reissuing this advisory regarding a potential cross-site scripting vulnerability that has been identified in RSA® Adaptive Authentication (On Premise) versions 2.x and 5.7.x. Patch 105162


ESA-2010-019: RSA, The Security Division of EMC, is reissuing this advisory regarding a potential cross-site scripting vulnerability that has been identified in RSA® Adaptive Authentication (On Premise) versions 2.x and 5.7.x. Patch 105162 (Security Patch).

Security Advisory 

Updated November 12, 2010 


Multiple Cross Site Scripting (XSS) Vulnerabilities in vtigerCRM 5.0.4, CVE-2008-3101

http://localhost/vtigercrm/index.php?module=Users&action=Authenticate&user_password="><script>alert(1);</script>
http://localhost/vtigercrm/index.php?module=Home&action=UnifiedSearch&query_string="><script>alert(1);</script>

Workaround/Fix

vtiger CRM Security Patch for 5.0.4 [1]

Disclosure Timeline

2008-07-28 Vendor contacted
2008-07-28 Vendor fixed issue in test environment

[security bulletin] HPSBMA02445 SSRT090058 rev.1 - HP Serviceguard Manager, Remote Execution of Arbitrary Code, Denial of Service (DoS)

Install Serviceguard Manager A.05.02 or subsequent and update to Java JDK/JRE 6.0.04 or Java JDK/JRE 5.0.16 or subsequent

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS


[security bulletin] HPSBUX02285 SSRT071484 rev.1 - HP-UX Running Aries PA Emulator, Local Unauthorized Access

MANUAL ACTIONS: No 

PRODUCT SPECIFIC INFORMATION 

HP-UX Software Assistant: 
HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa 

HISTORY: 
Version: 1 (rev.1) 31 October 2007 Initial release 

Third Party Security Patches: 

[security bulletin] HPSBMA02477 SSRT090177 rev.4 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS)

MANUAL ACTIONS: Yes
For NNM v7.51, upgrade to NNM v7.53 and apply the appropriate patches and archive files.

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS (for HP-UX)


[security bulletin] HPSBUX02366 SSRT080120 rev.1 - HPUX Running useradd(1M), Local Unauthorized Access

Verify group id and home directory for all accounts 

PRODUCT SPECIFIC INFORMATION 

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa 

The following text is for use by the HP-UX Software Assistant. 

AFFECTED VERSIONS 


[security bulletin] HPSBUX02334 SSRT071403 rev.2 - HP-UX Running ftp, Remote Denial of Service (DoS)

HP-UX B.11.31 - Update to WU-FTPD 2.6.1 (C.2.6.1.3.0) or subsequent 
HP-UX B.11.11 running ftp v2.6.x - Update to WU-FTPD 2.6.1 (B.11.11.01.011) or subsequent 

PRODUCT SPECIFIC INFORMATION 

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa 

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS


[security bulletin] HPSBMA02133 SSRT061201 rev.8 - HP Oracle for OpenView (OfO) Critical Patch Update

MANUAL ACTIONS: Yes - NonUpdate 
Install the Oracle Critical Patch Update - April 2008. 

PRODUCT SPECIFIC INFORMATION 

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa 

The following text is for use by the HP-UX Software Assistant. 

AFFECTED VERSIONS (for HP-UX) 


[security bulletin] HPSBMA02486 SSRT090049 rev.2 - HP OpenView Network Node Manager (OV NNM) Java Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Execution of Arbitrary Code and Other Vulnerabilities

MANUAL ACTIONS: No

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS (for HP-UX)


Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities

[+] Solution

Apply the security fix for version 3.1:
http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download


Or upgrade to version 3.1.1 from
http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/3.1.1/


[security bulletin] HPSBUX02451 SSRT090137 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)

MANUAL ACTIONS: Yes - NonUpdate

Download and install the preliminary software updates.

PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

AFFECTED VERSIONS

For BIND v9.3.2
HP-UX B.11.11

[security bulletin] HPSBUX02273 SSRT071476 rev.2 - HP-UX Running Apache, Remote Unauthorized Denial of Service (DoS)

MANUAL ACTIONS: Yes - Update 
Install Apache v2.0.59.00.0 or subsequent. 

PRODUCT SPECIFIC INFORMATION 
HP-UX Software Assistant: 
HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. 
For more information see: https://www.hp.com/go/swa 

HISTORY 
Revision: 1 (rev.1) - 10 October 2007 Initial release 
Revision: 2 (rev.2) - 16 October 2007 Corrected B.11.11 IPv4 version typo. 

[security bulletin] HPSBMA02558 SSRT100158 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code

MANUAL ACTIONS: No

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS (for HP-UX)


[security bulletin] HPSBMA02424 SSRT080125 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code

For NNM v7.51, upgrade to NNM v7.53 and apply the appropriate patch.
For NNM v7.01, apply the appropriate patch and then apply the hotfix.

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS (for HP-UX)


[security bulletin] HPSBMA02331 SSRT080000 rev.1 - HP-UX running WBEM Services, Remote Execution of Arbitrary Code, Gain Extended Privileges

MANUAL ACTIONS: No 

PRODUCT SPECIFIC INFORMATION 

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa 

The following text is for use by the HP-UX Software Assistant. 

AFFECTED VERSIONS 


[security bulletin] HPSBMA02283 SSRT071319 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Cross Site Scripting (XSS)

MANUAL ACTIONS: Non-HP-UX only 
Install the patches listed in the Resolution section for Solaris, Windows, and Linux. 

PRODUCT SPECIFIC INFORMATION 

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa 

HISTORY 
Version:1 (rev.1) - 28 November 2007 Initial release 

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. 

[security bulletin] HPSBUX02440 SSRT090106 rev.1 - HP-UX Running NFS/ONCplus, Local Denial of Service (DoS)

Install ONCplus_B.11.31.07.01.depot 

PRODUCT SPECIFIC INFORMATION 

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa 

The following text is for use by the HP-UX Software Assistant. 

AFFECTED VERSIONS 


[security bulletin] HPSBUX02458 SSRT090104 rev.1 - HP-UX Running bootpd, Remote Denial of Service (DoS)

MANUAL ACTIONS: No

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS


[security bulletin] HPSBUX02523 SSRT100036 rev.1 - HP-UX Running ONCPlus, Remote Denial of Service (DoS), Increase in Privilege

HP-UX B.11.23 install PHNE_41021
HP-UX B.11.31 install ONCplus_B.11.31.09.01.depot

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS


[security bulletin] HPSBUX02370 SSRT071459 rev.1 - HP-UX Running rpcbind, Remote Denial of Service (DoS)

MANUAL ACTIONS: No 

PRODUCT SPECIFIC INFORMATION 

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa 

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS


[security bulletin] HPSBMA02288 SSRT071465 rev.1 - HP OpenView Operations (OVO) Running on HP-UX and Solaris, Remote Unauthorized Access, Denial of Service (DoS)

MANUAL ACTIONS: No 

PRODUCT SPECIFIC INFORMATION 

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa 

HISTORY 
Version: 1 (rev.1) - 13 November 2007 Initial release 

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. 

[security bulletin] HPSBUX02341 SSRT080075 rev.1 - HP-UX running HP CIFS Server (Samba), Remote Execution of Arbitrary Code

MANUAL ACTIONS: Yes - Update 
HP CIFS Server (Samba) on HP-UX B.11.11, B.11.23, B.11.31 - install vA.02.03.04 or subsequent. 

PRODUCT SPECIFIC INFORMATION 

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa 

The following text is for use by the HP-UX Software Assistant. 

AFFECTED VERSIONS 

