Next Page >>
archive files
RESOLUTION
HP has made the following procedure available to resolve the vulnerability.
Note: The resolution is contained in the archive files listed below. Before an archive file is applied a patch may be required. The patch will insure that NNM is compatible with the software files in the archive. No patch is required for NNM v7.53.
1. Install the appropriate patch listed in the table below. The patches are available from http://itrc.hp.com
2. Download the appropriate archive file listed in the table below. The archive files are available here:
ftp://ss080024:ss080024@hprc.external.hp.com/
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has made archive files and patches available to resolve the vulnerability. The archive files are listed in the table below. In some cases a patch is required. The patch will insure that NNM is compatible with the software files in the archive. No patch is required for NNM v7.53
The patches are available from http://itrc.hp.com
The archive files are available from: ftp://ss080033:s080033@hprc.external.hp.com/
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
The Hewlett-Packard Company thanks Liu Zhen Hua of FortiGuard Global Security Research Team for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has made archive files and patches available to resolve the vulnerability. The archive files are listed in the table below. In some cases a patch is required. The patch will insure that NNM is compatible with the software files in the archive. No patch is required for NNM v7.53
Note: The files installed for the Resolution in "rev.1" of this Security bulletin must be removed. Instructions for removing the files are in the Readme.txt file. The files recommended in "rev.1" of this Security Bulletin introduced a problem with the 'ovstop -c' command. Under certain circumstances the 'ovstop -c' command would not stop certain NNM processes. The files recommended in "rev.1" of this Security Bulletin do resolve the security vulnerability.
The patches are available from http://itrc.hp.com
The Hewlett-Packard Company thanks Oren Isacson of Core Security Technologies for reporting these vulnerabilities to security-alert@hp.com.
RESOLUTION
HP has made archive files available to resolve the vulnerabilities. The archive files are listed in the tables below. The tables also list required patches. The patches will insure that NNM is compatible with the software files in the archive.
The patches are available from http://support.openview.hp.com/selfsolve/patches
Note: The patches are not available from the HP IT Resource Center (ITRC).
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
The Hewlett-Packard Company thanks Oren Isacson of Core Security Technologies for reporting these vulnerabilities to security-alert@hp.com.
RESOLUTION
HP has made archive files available to resolve the vulnerabilities. The archive files are listed in the tables below. The tables also list required patches. The patches will insure that NNM is compatible with the software files in the archive.
The patches are available from http://support.openview.hp.com/selfsolve/patches
Note: The patches are not available from the HP IT Resource Center (ITRC).
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has made archive files and patches available to resolve the vulnerability. The archive files are listed in the table below. In some cases a patch is required. The patch will insure that NNM is compatible with the software files in the archive. No patch is required for NNM v7.53
The patches are available from http://itrc.hp.com
The archive files are available from: ftp://ss080043:ss080043@hprc.external.hp.com/
The Hewlett-Packard Company thanks Oren Isacson of Core Security Technologies for reporting these vulnerabilities to security-alert@hp.com.
RESOLUTION
HP has made archive files available to resolve the vulnerabilities. The archive files are listed in the tables below. The tables also list required patches. The patches will insure that NNM is compatible with the software files in the archive.
The patches are available from http://support.openview.hp.com/selfsolve/patches
Note: The patches are not available from the HP IT Resource Center (ITRC).
RESOLUTION
HP has made a patch available to resolve the vulnerability for NNM v7.53.
HP has made archive files and patches available to resolve the vulnerability for NNM v7.51 and NNM v7.01. The archive files are listed in the table below. The patches will insure that NNM is compatible with the software files in the archive.
The patches are available from http://itrc.hp.com
The archive files are available from: ftp://ss080043:ss080043@hprc.external.hp.com/
The Hewlett-Packard Company thanks an anonymous researcher working with the iDefense VCP for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has made patches available to resolve the vulnerability for NNM v7.53. HP has made archive files available to resolve the vulnerability for NNM v7.01.
The patches are available from http://support.openview.hp.com/selfsolve/patches
Note: The patches are not available from the HP IT Resource Center (ITRC).
The Hewlett-Packard Company thanks Dyon Balding, Secunia Research for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has made patches available to resolve the vulnerability for NNM v7.53.
HP has made archive files available to resolve the vulnerability for NNM v7.01.
The patches are available from http://support.openview.hp.com/selfsolve/patches
Note: The patches are not available from the HP IT Resource Center (ITRC).
The Hewlett-Packard Company thanks JJ Reyes, Secunia Research for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has made patches available to resolve the vulnerability for NNM v7.53. HP has made archive files available to resolve the vulnerability for NNM v7.01.
The patches are available from http://support.openview.hp.com/selfsolve/patches
Note: The patches are not available from the HP IT Resource Center (ITRC).
The Hewlett-Packard Company thanks Damian Frizza of Core Security Technologies for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has made archive files available to resolve the vulnerability for NNM v7.53. The archive files require that certain patches be installed first.
The patches are available from http://support.openview.hp.com/selfsolve/patches
Note: The patches are not available from the HP IT Resource Center (ITRC).
The Hewlett-Packard Company thanks an anonymous researcher working with the iDefense VCP for reporting CVE-2010-TBD to security-alert@hp.com
RESOLUTION
HP has made archive files available to resolve the vulnerability for NNM v7.53. The archive files require that certain patches be installed first.
The patches are available from http://support.openview.hp.com/selfsolve/patches
Note: The patches are not available from the HP IT Resource Center (ITRC).
Note: The patches are not available from the HP IT Resource Center (ITRC).
HP has made a new version of the ovas program available to resolve the vulnerability for NNM v7.01. The new ovas is available as a file to be installed manually. The files are listed in the table below. The patches listed for v7.01 insure that NNM is compatible with the software files in the archive. Unpack the archive and follow the instructions in the README.txt file.
The archive files are available from: ftp://ss080033:s080033@hprc.external.hp.com/
OV NNM v7.53
===========
Operating System
Resolved in Patch
The Hewlett-Packard Company thanks Damian Frizza of Core Security Technologies for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has made archive files available to resolve the vulnerability for NNM v7.53. The archive files require that certain patches be installed first.
The patches are available from http://support.openview.hp.com/selfsolve/patches
Note: The patches are not available from the HP IT Resource Center (ITRC).
RESOLUTION
HP has made patches available to resolve the vulnerabilities for NNM v7.53.
HP has made archive files available to resolve the vulnerabilities for NNM v7.01. The archive files are listed in the NNM v7.01 table below. The table also lists required patches. The patches will insure that NNM v7.01 is compatible with the software files in the archive.
The patches are available from http://support.openview.hp.com/selfsolve/patches
Note: The patches are not available from the HP IT Resource Center (ITRC).
The Hewlett-Packard Company thanks Damian Frizza of Core Security Technologies for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has made archive files available to resolve the vulnerability for NNM v7.53. The archive files require that certain patches be installed first.
The patches are available from http://support.openview.hp.com/selfsolve/patches
Note: The patches are not available from the HP IT Resource Center (ITRC).
The Hewlett-Packard Company thanks JJ Reyes, Secunia Research for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has made patches available to resolve the vulnerability for NNM v7.53. HP has made archive files available to resolve the vulnerability for NNM v7.01.
The patches are available from http://support.openview.hp.com/selfsolve/patches
Note: The patches are not available from the HP IT Resource Center (ITRC).
denial of service, or to cause heap corruption and potentially
further compromise a system. CA has issued fixes to address the
vulnerabilities.
The first vulnerability, CVE-2009-3587, is due to improper
handling of a specially crafted RAR archive file by the CA
Anti-Virus engine arclib component. An attacker can create a
malformed RAR archive file that results in heap corruption and
allows the attacker to cause a denial of service or possibly
further compromise the system.
The Hewlett-Packard Company thanks an anonymous researcher working with the iDefense VCP for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has made patches available to resolve the vulnerability for NNM v7.53. HP has made archive files available to resolve the vulnerability for NNM v7.01.
The patches are available from http://support.openview.hp.com/selfsolve/patches
Note: The patches are not available from the HP IT Resource Center (ITRC).
The Hewlett-Packard Company thanks Dyon Balding, Secunia Research for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has made patches available to resolve the vulnerability for NNM v7.53. HP has made archive files available to resolve the vulnerability for NNM v7.01.
The patches are available from http://support.openview.hp.com/selfsolve/patches
Note: The patches are not available from the HP IT Resource Center (ITRC).
ftp.usa.hp.com
nnm_753
Update53
OV NNM v7.01
Install the required patch. Then apply the archive file.
The patches are available from http://support.openview.hp.com/selfsolve/patches
Operating_System
Required_Patch
CVE-2008-3074
Jan Minar discovered that the tar plugin of vim did not properly
sanitise the filenames in the tar archive or the name of the
archive file itself, making it prone to arbitrary code execution.
CVE-2008-3075
Jan Minar discovered that the zip plugin of vim did not properly
sanitise the filenames in the zip archive or the name of the
Summary: The CA Anti-Virus engine contains multiple
vulnerabilities that can allow a remote attacker to evade
detection by the Anti-Virus engine by creating a malformed archive
file in one of several common file archive formats. CA has
released a new Anti-Virus engine to address the vulnerabilities.
The vulnerabilities, CVE-2009-0042, are due to improper handling
of malformed archive files by the Anti-Virus engine. A remote
attacker can create a malformed archive file that potentially
contains malware and evade anti-virus detection.
ftp.usa.hp.com
nnm_753
Update53
OV NNM v7.01
Install the required patch. Then apply the archive file.
The patches are available from http://support.openview.hp.com/selfsolve/patches
Operating_System
Required_Patch
Summary: The CA Anti-Virus engine contains multiple
vulnerabilities that can allow a remote attacker to evade
detection by the Anti-Virus engine by creating a malformed archive
file in one of several common file archive formats. CA has
released a new Anti-Virus engine to address the vulnerabilities.
The vulnerabilities, CVE-2009-0042, are due to improper handling
of malformed archive files by the Anti-Virus engine. A remote
attacker can create a malformed archive file that potentially
contains malware and evade anti-virus detection.
issue affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu
10.10, and Ubuntu 11.04. (CVE-2011-1470)
It was discovered that an integer signedness error in the PHP Zip
extension could allow an attacker to cause a denial of service (CPU
consumption) via a malformed archive file. This issue affected
Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10, and
Ubuntu 11.04. (CVE-2011-1470) (CVE-2011-1471)
Update instructions:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888
Description:
Previous versions of the unzip package are vulnerable to a Denial
of Service in which an attacker can provide a malformed archive
file that will cause the unzip application to crash. It has not
been determined that this vulnerability can be exploited to execute
malicious code.
http://wiki.rpath.com/Advisories:rPSA-2008-0116
confiker reference here*
IV. Common misconceptions about this "bug class"
--------------------------------------------------
- This has the same effect as adding a password to a archive file
The scanner explicitely denotes files that are passworded, an example
is an Gateway scanner that adds "Attachment not scanned" to the
subject line or otherwise indicates that the file was not scanned.
This is not the case with bypasses, in most cases the engine has not
https://issues.rpath.com/browse/RPL-2379
Description:
Previous versions of the bzip2 package are vulnerable to a Denial
of Service in which an attacker can provide a malformed archive
file that will cause applications such as bunzip2 reading the file
to crash. It has not been determined that this vulnerability can
be exploited to execute malicious code.
http://wiki.rpath.com/Advisories:rPSA-2008-0118
Next Page>>
|
