Windows 2003 Server

HPSBMA02317 SSRT080026 rev.1 - HP Select Identity Software, Gain Unauthorized Access

Potential security vulnerabilities have been identified with HP Select Identity software. The vulnerabilities could be exploited by an authenticated user to gain unauthorized access to other user accounts.

References: CVE-2008-0709

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Select Identity software v4.00, v4.01, v4.11, v4.12, v4.13, v4.20 running on HP-UX, Windows 2003 Server, Red Hat Linux AS3 and AS4, and Solaris.

BACKGROUND

CVSS 2.0 Base Metrics 


[security bulletin] HPSBMA02309 SSRT080013 rev.1 - HP Select Identity Software, Remote Unauthorized Access

Potential security vulnerabilities have been identified with HP Select Identity software. The vulnerabilities could be exploited remotely to gain unauthorized access. The vulnerabilities can only be exploited by authenticated users.

References: CVE-2008-0214

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Select Identity software v4.00, v4.01, v4.11, v4.12, v4.13, v4.20 running on HP-UX, Windows 2003 Server, Red Hat Linux AS3 and AS4, and Solaris.

BACKGROUND

RESOLUTION
HP has provided the following software patches to resolve the vulnerability. 

Windows SMB NTLM Authentication Weak Nonce Vulnerability

--------------------

This vulnerability was verified by the authors on the following platforms:

Windows NT4 SP1
Windows Server 2003 SP2
Windows XP SP3
Windows Vista x32
Windows 7 x32 RC

However, all versions of Windows implementing NTLMv1 are suspected to be

VMware Emulation Flaw x64 Guest Privilege Escalation (1/2)

EXPLOITATION
------------
This section gives a detailed account of how this emulation flaw can
be exploited on Windows XP x64 and Windows Server 2003 x64.
Exploitation on x64 versions of *BSD is also believed to be possible,
but has not yet been proven, so a brief discussion of the BSD x64
kernel and also the Linux x64 kernel (which is believed to prevent
exploitation) is presented first.


VMware Emulation Flaw x64 Guest Privilege Escalation (2/2)

EXPLOITATION
------------
This section gives a detailed account of how these emulation flaws can
be exploited on Windows XP x64 and Windows Server 2003 x64.
Exploitation on x64 versions of *BSD is also believed to be possible,
but has not yet been proven, so a brief discussion of the BSD x64
kernel and also the Linux x64 kernel (which is believed to prevent
exploitation) is presented first.


VUPEN Security Research - Microsoft Windows OpenType CFF Driver Stack Overflow Vulnerability (CVE-2011-0034)

Compact Font Format (CFF) driver "ATMFD.dll" when processing certain
operands within an OpenType font, which could be exploited by remote
attackers to execute arbitrary code on a vulnerable Windows 7, Windows
Server 2008, Windows Server 2008 R2, and Windows Vista systems via a
malicious font, or by local attackers to gain elevated privileges on
Windows XP and Windows Server 2003 systems via a malicious application.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS

VUPEN Security Research - Microsoft Internet Explorer Property Change Memory Corruption (CVE-2011-1345)

Microsoft Internet Explorer 7
Microsoft Internet Explorer 6

Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1

[security bulletin] HPSBMA02230 SSRT071436 rev.2 - HP Select Identity, Remote Unauthorized Access

A potential security vulnerability has been identified with HP Select Identity. The vulnerability could be exploited to allow remote unauthorized access.

References: none

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Select Identity v4.01 prior to v4.01.011 and v4.1x prior to v4.13.002 running on Windows 2003 Server, Red Hat Linux AS3, Solaris, and HP-UX.

BACKGROUND


RESOLUTION

[security bulletin] HPSBMA02413 SSRT080040 rev.1 - HP WMI Mapper for Windows Server 2003 and Windows Server 2008 for Itanium-based Servers, Remote Unauthorized Access to Data, Local Unauthorized Access

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01682739
Version: 1

HPSBMA02413 SSRT080040 rev.1 - HP WMI Mapper for Windows Server 2003 and Windows Server 2008 for Itanium-based Servers, Remote Unauthorized Access to Data, Local Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2009-03-02
Last Updated: 2009-03-09

VUPEN Security Research - Microsoft Windows Shell Graphics BMP "width" Integer Overflow Vulnerability

Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows XP Service Pack 3


VUPEN Security Research - Microsoft Internet Explorer Animation Use-after-free Vulnerability (VUPEN-SR-2010-199)

III. AFFECTED PRODUCTS
---------------------------

Internet Explorer 6 for Windows XP Service Pack 3
Internet Explorer 6 for Windows XP Professional x64 Edition Service Pack 2
Internet Explorer 6 for Windows Server 2003 Service Pack 2
Internet Explorer 6 for Windows Server 2003 x64 Edition Service Pack 2
Internet Explorer 6 for Windows Server 2003 SP2 (Itanium)


IV. Binary Analysis & Exploits/PoCs

[security bulletin] HPSBMA01212 SSRT5998 rev.4 - HP System Management Homepage Running PHP, Remote Denial of Service (DoS), Cross Site Scripting (XSS), Execution of Arbitrary Code

Potential security vulnerability has been identified with HP System Management Homepage running PHP. These vulnerabilities could be exploited remotely to allow Cross Site Scripting (XSS), to create a Denial of Service (DoS), or to execute arbitrary code.

References: CVE-2004-1019, CVE-2004-1020, CVE-2004-1063, CVE-2004-1064, CVE-2004-1065

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
System Management Homepage Version 2.0.0 through Version 2.0.2 for Microsoft Windows 2000, Windows Server 2003, Windows Server 2003 x64 Edition, Windows Server 2003 64-bit and Linux.

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================

VUPEN Security Research - Microsoft Windows Shell Graphics BMP "height" Integer Overflow Vulnerability

Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows XP Service Pack 3


CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities

   . Internet Explorer 6sp2 on Windows XP sp3
   . Internet Explorer 7 on Windows XP sp2
   . Internet Explorer 7 on Windows XP sp3
   . Internet Explorer 7 on Windows Vista sp1
   . Internet Explorer 7 on Windows Vista sp2
   . Internet Explorer 7 on Windows Server 2003 sp2 if
     Protected Mode is OFF and not using Enhanced Security Configuration
   . Internet Explorer 7 on Windows Server 2008 if
     Protected Mode is OFF and not using Enhanced Security Configuration
   . Internet Explorer 8 on Windows XP sp2

[security bulletin] HPSBMA02230 SSRT071436 rev.1 - HP Select Identity, Remote Unauthorized Access

A potential security vulnerability has been identified with HP Select Identity. The vulnerability could be exploited to allow remote unauthorized access.

References: none

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Select Identity v4.01 prior to v4.01.011 and v4.1x prior to v4.13.002 running on Windows 2003 Server, Red Hat Linux AS3, Solaris, and HP-UX.

BACKGROUND 


RESOLUTION

VUPEN Security Research - Microsoft Windows Shell Graphics biCompression Buffer Overflow Vulnerability

Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows XP Service Pack 3


VUPEN Security Research - Microsoft Windows OLE Automation Integer Underflow Vulnerability (MS11-038)

III. AFFECTED PRODUCTS
---------------------------

Microsoft Windows 7 (32-bit)
Microsoft Windows 7 (x64)
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (Itanium)

CORE-2011-0203 - MS HyperV Persistent DoS Vulnerability

5. *Non-vulnerable packages*

   . Windows XP SP3
   . Windows XP Professional x64 Edition SP2
   . Windows Server 2003 SP2
   . Windows Server 2003 x64 Edition SP2
   . Windows Server 2003 with SP2 for Itanium-based Systems
   . Windows Vista SP1 and Windows Vista SP2
   . Windows Vista x64 Edition SP1 and Windows Vista x64 Edition SP2
   . Windows Server 2008 for 32-bit Systems and Windows Server 2008 for

[security bulletin] HPSBMA02293 SSRT071494 rev.1 - HP Select Identity, Remote Unauthorized Access

A potential security vulnerability has been identified with HP Select Identity. The vulnerability could be exploited remotely to gain unauthorized access.

References: CVE-2007-6194

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Select Identity v4.01 prior to v4.01.012 and v4.1x prior to v4.13.003 running on Windows 2003 Server, Red Hat Linux AS3, Solaris, and HP-UX.

BACKGROUND

RESOLUTION
HP has provided the following software patches to resolve the vulnerability. Please contact normal HP Services support channels to receive the patches.

VUPEN Security Research - Microsoft Windows GDI+ Size Handling Integer Overflow Vulnerability

III. AFFECTED PRODUCTS
---------------------------

Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1

VUPEN Security Research - Microsoft Internet Explorer Layouts Use-after-free Vulnerability (CVE-2011-0094)

Microsoft Internet Explorer 7
Microsoft Internet Explorer 6

Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1

VUPEN Security Research - Microsoft Windows Kernel "GetDCEx()" Memory Corruption Vulnerability (CVE-2010-0484)

Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows 2000 Service Pack 4



VUPEN Security Research - Microsoft Internet Explorer "mshtml.dll" Dangling Pointer Vulnerability (CVE-2011-0036)

Microsoft Internet Explorer 7
Microsoft Internet Explorer 6

Microsoft Windows 7 (32-bit)
Microsoft Windows 7 (64x)
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (64x)

iDefense Security Advisory 07.15.09: Microsoft Embedded OpenType Font Engine (T2EMBED.DLL) Heap Buffer Overflow Vulnerability

Windows XP SP 3

Windows XP Professional x64 Edition SP 2

Windows Server 2003 SP 2

Windows Server 2003 x64 Edition SP 2

Windows Server 2003 with SP2 for Itanium-based Systems


Microsoft Windows Messenger Remote Illegal Access Vulnerability

transferring local audio and video information to remote and so on.


Affected Software Versions:

    Microsoft Windows Live Messenger 4.7 on Windows XP and Windows Server 2003
    Microsoft Windows Live Messenger 5.1 on Windows 2000, Windows XP and Windows Server 2003




[CORE-2010-0623] Microsoft Windows CreateWindow function callback vulnerability

   . Windows 7
   . Windows Vista
   . Windows Server 2008 R2
   . Windows Server 2008
   . Microsoft Windows XP
   . Microsoft Windows Server 2003


5. *Non-vulnerable packages*

   . Windows 7 with MS10-048

[security bulletin] HPSBMA02445 SSRT090058 rev.1 - HP Serviceguard Manager, Remote Execution of Arbitrary Code, Denial of Service (DoS)

HP-UX B.11.31 (11i v3)
 A.11.17.01
 A.05.01, A.05.02

Red Hat Linux Advanced Server 2.1, Red Hat Enterprise Linux 3 or 4, SLES8/United Linux 1.0, Novell Linux Desktop 9, SLES9, Microsoft Windows XP Pro, Microsoft Windows 2000 Professional with SP1 or later, Windows 2003 Server Edition
 A.11.16, A.11.17
 A.05.00

Red Hat Enterprise Linux 4, SLES9, SLES10, Novell Linux Desktop 10.1, Windows XP Pro, Windows 2003 Server or Windows 2000 Professional with SP1 or later
 A.11.16, A.11.17, A.11.17.01

Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability

- Juha-Matti

"CaseArmour.net Security Administrator" <security@casearmour.net> wrote:
> It would be useful to know if this is also an issue with msjet40.dll
> 4.0.9510.0 (Windows Server 2003 SP2 + hotfixes).  I have an installer
> for Windows XP SP2 that -- seems -- to cleanly apply Windows Server 2003
> SP2's MDAC 2.82.  I haven't been able to give it a serious, hard testing
> because I don't have many apps that still use MDAC.
> 
> On Fri, 16 Nov 2007 19:25:29 +0800, "cocoruder" <cocoruder@gmail.com>

Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack

be affected, including but not limited to the following actively supported
versions:

    - Windows 2000
    - Windows XP
    - Windows Server 2003
    - Windows Vista
    - Windows Server 2008
    - Windows 7

--------------------

iDefense Security Advisory 08.12.08: Microsoft Windows Color Management Module Heap Buffer Overflow Vulnerability

iDefense has confirmed the existence of this vulnerability in the
following Microsoft products:

  Windows 2000 Service Pack 4
  Windows XP Service Pack 2
  Windows Server 2003 Service Pack 1
  Windows Server 2003 Service Pack 2

The following products are not affected:

  Windows Vista


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
