Next Page >>
installation
Summary: CA products that embed Ingres contain multiple
vulnerabilities that can allow a remote attacker to execute
arbitrary code, gain privileges, or cause a denial of service
condition. These vulnerabilities exist in the products and on the
platforms listed below. These vulnerabilities do not impact any
Windows-based Ingres installation. The first vulnerability,
CVE-2008-3356, allows an unauthenticated attacker to potentially
set the user and/or group ownership of a verifydb log file to be
Ingres allowing read/write permissions to both. The second
vulnerability, CVE-2008-3357, allows an unauthenticated attacker
to exploit a pointer overwrite vulnerability to execute arbitrary
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView OVO Agents OVO8.x HTTPS agents on AIX, HP-UX (IA and PA), HP Tru64 Unix, Solaris, and Windows running Shared Trace Service.
BACKGROUND
- -> Note: HP OpenView Operations (OVO) requires HP OpenView Network Node Manager (OV NNM) on the OVO server. OVO will install OV NNM if it is not already present. OV NNM requires the installation of certain patches to be compatible with the resolution discussed below. To insure correct operation the recommendations of Security Bulletin HPSBMA02242 SSRT061260 must be implemented before the recommendations of this Security Bulletin.
The Hewlett-Packard Company thanks Cody Pierce of TippingPoint DV Labs (dvlabs.tippingpoint.com) for reporting this vulnerability to security-alert@hp.com.
The Hewlett-Packard Company thanks an anonymous researcher working with the iDefense VCP for reporting this vulnerability to security-alert@hp.com.
The Hewlett-Packard Company thanks Cody Pierce of TippingPoint DV Labs (dvlabs.tippingpoint.com) for reporting this vulnerability to security-alert@hp.com.
The Hewlett-Packard Company thanks an anonymous researcher working with the iDefense VCP for reporting this vulnerability to security-alert@hp.com.
To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed.
AFFECTED VERSIONS
HP-UX B.11.11
HP-UX B.11.23
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco IOS Software Smart Install Remote Code
Execution Vulnerability
Advisory ID: cisco-sa-20110928-smart-install
Revision 1.0
Finding 1: PHP Code Execution and Persistent Cross Site Scripting
Vulnerabilities via 'setup-config.php' page.
CVE: CVE-2011-4899
The WordPress 'setup-config.php' installation page allows users to install
WordPress in local or remote MySQL databases. This typically requires a user
to have valid MySQL credentials to complete. However, a malicious user can
host their own MySQL database server and can successfully complete the
WordPress installation without having valid credentials on the target system.
HP-UX B.11.00
HP-UX B.11.11
HP-UX B.11.23
=============
action: install RADINFRAHPUX1_00009 or subsequent
URL: http://openview.hp.com/ecare/getsupportdoc?docid=RADINFRAHPUX1_00009
For CM infrastructure (Radia) v4.1
HP-UX B.11.00
B.11.31 (32-bit) / HPUXWSATW-B233-1131-32-bit
B.11.31 (64-bit) / HPUXWSATW-B233-1131-64-bit
MANUAL ACTIONS: Yes - Update
Install HP-UX Web Server Suite v3.15 or subsequent.
Install HP-UX Web Server Suite v2.33 or subsequent.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
==================
DATA-PROTECTOR.OMNI-CORE-IS
DATA-PROTECTOR.OMNI-HPUX-P
DATA-PROTECTOR.OMNI-OTHUX-P
DATA-PROTECTOR.OMNI-NDMP-P
action: install PHSS_41866 or subsequent
DATA-PROTECTOR.OMNI-CS
action: install PHSS_41868 or subsequent
For OV DP6.0, IA-64
HP-UX B.11.23, B.11.31
Panda Security for <Product> is the security solution for companies that
need to protect their networks, mainly workstations and file servers.
Panda Security for Business is centrally managed thanks to the
AdminSecure Console, which allows monitoring the entire network,
protecting your critical assets against all types of threats and
optimizing productivity.
(Product description from Panda Website)
This vulnerability is similar to the following vulnerabilities in Panda
Panda Security for <Product> is the security solution for companies that
need to protect their networks, mainly workstations and file servers.
Panda Security for Business is centrally managed thanks to the
AdminSecure Console, which allows monitoring the entire network,
protecting your critical assets against all types of threats and
optimizing productivity.
(Product description from Panda Website)
This vulnerability is similar to the following vulnerabilities in Panda
OV NNM v7.50
HP-UX (PA)
Upgrade to NNM v7.51 and install PHSS_36901 or subsequent
HP-UX (IA)
Upgrade to NNM v7.51 and install PHSS_36902 or subsequent
Solaris
NOTE: The SMA must have all pertinent SMA Service Packs applied
Windows 2000 Update Rollup 1
Customers are advised to download and install the Windows 2000 Update Rollup 1 for Service Pack 4 on SMA v2.1. For more information please refer to the Windows 2000 Update Rollup 1 for Service Pack 4 and Storage Management Appliance v2.1 advisory at the following website: http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=179111&taskId=101&prodTypeId=12169&prodSeriesId=315667
Windows 2000 Update Rollup 1 for SP4 does not include security updates released after April 30, 2005 starting from MS05-026. It also does not include patches MS04-003 and MS04-028. Please install these patches in addition to Windows 2000 Update Rollup 1 for SP4, if they have not been installed already
RESOLUTION
HP strongly recommends the immediate installation of all security patches that apply to third party software which is integrated with SMA software products supplied by HP, and that patches are applied in accordance with an appropriate patch management policy.
AFFECTED VERSIONS
HP-UX B.11.11
=============
Networking.NET2-KRN
action: install PHNE_33159 or subsequent
HP-UX B.11.22
=============
Networking.NET2-KRN
action: install preliminary binary files per Security Bulletin HPSBUX01164
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running BIND v9.2 or BIND v9.3
BACKGROUND
To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed.
AFFECTED VERSIONS
For BIND v9.2.0
AFFECTED VERSIONS
HP-UX B.11.11
=============
VRTSob.VEAS-FILESET
action: install patch PHCO_42175 or subsequent
HP-UX B.11.23
=============
VRTSob.VEAS-FILESET
action: install patch PHCO_42173 or subsequent
AFFECTED VERSIONS
HP-UX B.11.11
=============
VRTSob.VEAS-FILESET
action: install patch PHCO_42175 or subsequent
HP-UX B.11.23
=============
VRTSob.VEAS-FILESET
action: install patch PHCO_42173 or subsequent
has assigned the name CVE-2010-1141 to this issue.
Steps needed to remediate this vulnerability:
Guest systems on VMware Workstation, Player, ACE, Server, Fusion
- Install the remediated version of Workstation, Player, ACE,
Server and Fusion.
- Upgrade tools in the virtual machine (virtual machine users
will be prompted to upgrade).
Guest systems on ESX 4.0, 3.5, 3.0.3, 2.5.5, ESXi 4.0, 3.5
has assigned the name CVE-2010-1141 to this issue.
Steps needed to remediate this vulnerability:
Guest systems on VMware Workstation, Player, ACE, Server, Fusion
- Install the remediated version of Workstation, Player, ACE,
Server and Fusion.
- Upgrade tools in the virtual machine (virtual machine users
will be prompted to upgrade).
Guest systems on ESX 4.0, 3.5, 3.0.3, 2.5.5, ESXi 4.0, 3.5
Note: The SMA must have all pertinent SMA Service Packs applied
Windows 2000 Update Rollup 1
Customers are advised to download and install the Windows 2000 Update Rollup 1 for Service Pack 4 on SMA v2.1. For more information please refer to the Windows 2000 Update Rollup 1 for Service Pack 4 and Storage Management Appliance v2.1 advisory at the following website: http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=179111&taskId=101&prodTypeId=12169&prodSeriesId=315667
Windows 2000 Update Rollup 1 for SP4 does not include security updates released after April 30, 2005 starting from MS05-026. It also does not include patches MS04-003 and MS04-028. Please install these patches in addition to Windows 2000 Update Rollup 1 for SP4, if they have not been installed already
RESOLUTION
HP strongly recommends the immediate installation of all security patches that apply to third party software which is integrated with SMA software products supplied by HP, and that patches are applied in accordance with an appropriate patch management policy.
HP is providing the following software patches to resolve the vulnerability.
The patches are available from http://www.hp.com/go/softwaredepot/
HP-UX B.11.11 (11i v1)
Install update B.06.21.70 or subsequent
HP-UX B.11.23 (11i v2)
Install update B.06.21.70 or subsequent
HP-UX B.11.11 (11i v1)
HP-UX Release - B.11.11 running v9.2.0
BIND Depot name - BIND920v11.depot
MD5 Sum - F6999280DE19645EF86FF52083AACD72
HP-UX Release - B.11.23 running v9.2.0
Action - Install PHNE_37865
HP-UX Release - B.11.11 running v9.3.2
Action - Install revision C.9.3.2.3.0 or subsequent
HP-UX Release - B.11.23 running v9.3.2
BIND Depot name - BIND920v11.depot
MD5 Sum - F6999280DE19645EF86FF52083AACD72
Action - Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf.
HP-UX Release - B.11.23 running v9.2.0
Action - Install PHNE_37865;
Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf.
HP-UX Release - B.11.11 running v9.3.2
Action - Install revision C.9.3.2.3.0 or subsequent;
Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf.
The BIND v9.3.2 updates are available for download from http://software.hp.com .
HP-UX Release - B.11.11 running v9.3.2 - Install revision C.9.3.2.3.0 or subsequent
HP-UX Release - B.11.23 running v9.3.2 - Install revision C.9.3.2.3.0 or subsequent
HP-UX Release - B.11.31 running v9.3.2 - Install revision C.9.3.2.3.0 or subsequent
MANUAL ACTIONS: Yes - NonUpdate
NOTE: The SMA must have all pertinent SMA Service Packs applied
Windows 2000 Update Rollup 1
Customers are advised to download and install the Windows 2000 Update Rollup 1 for Service Pack 4 on SMA v2.1. For more information please refer to the Windows 2000 Update Rollup 1 for Service Pack 4 and Storage Management Appliance v2.1 advisory at the following website: http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=179111&taskId=101&prodTypeId=12169&prodSeriesId=315667
Windows 2000 Update Rollup 1 for SP4 does not include security updates released after April 30, 2005 starting from MS05-026. It also does not include patches MS04-003 and MS04-028. Please install these patches in addition to Windows 2000 Update Rollup 1 for SP4, if they have not been installed already
RESOLUTION
HP strongly recommends the immediate installation of all security patches that apply to third party software which is integrated with SMA software products supplied by HP, and that patches are applied in accordance with an appropriate patch management policy.
Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf.
HP-UX Release / Action
B.11.23 running v9.2.0 /
Install PHNE_37865; Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf.
HP-UX Release / Action
B.11.11 running v9.3.2 /
Install revision C.9.3.2.7.0 or subsequent; Remove "query-source port" and "query-source-v6 port" options in
B.11.11 running v9.2.0 / BIND920V15.depot / Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf.
HP-UX Release / Action
B.11.23 running v9.2.0 / Install PHNE_37865 or subsequent; Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf.
HP-UX Release / Action
B.11.11 running v9.3.2 / Install revision C.9.3.2.7.0 or subsequent; Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf.
==================
DATA-PROTECTOR.OMNI-CORE-IS
DATA-PROTECTOR.OMNI-HPUX-P
DATA-PROTECTOR.OMNI-OTHUX-P
DATA-PROTECTOR.OMNI-NDMP-P
action: install PHSS_41363 or subsequent
DATA-PROTECTOR.OMNI-CS
action: install PHSS_41453 or subsequent
DATA-PROTECTOR.OMNI-CORE-IS
DATA-PROTECTOR.OMNI-HPUX-P
DATA-PROTECTOR.OMNI-OTHUX-P
fips_1_1_2.FIPS-LIB
fips_1_1_2.FIPS-MAN
fips_1_1_2.FIPS-MIS
fips_1_1_2.FIPS-RUN
fips_1_1_2.FIPS-SRC
action: install revision FIPS-OPENSSL-1.1.2.049 or subsequent
fips_1_2.FIPS-CONF
fips_1_2.FIPS-DOC
fips_1_2.FIPS-INC
fips_1_2.FIPS-LIB
fips_1_2.FIPS-MAN
fips_1_1_2.FIPS-LIB
fips_1_1_2.FIPS-MAN
fips_1_1_2.FIPS-MIS
fips_1_1_2.FIPS-RUN
fips_1_1_2.FIPS-SRC
action: install revision FIPS-OPENSSL-1.1.2.046 or subsequent
fips_1_2.FIPS-CONF
fips_1_2.FIPS-DOC
fips_1_2.FIPS-INC
fips_1_2.FIPS-LIB
fips_1_2.FIPS-MAN
AFFECTED VERSIONS
HP-UX B.11.11
=============
WBEMServices.WBEM-CORE
action: install PHSS_38747 or subsequent
http://itrc.hp.com
HP-UX B.11.23
=============
WBEMServices.WBEM-CORE
Next Page>>
|
