[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    [security bulletin] HPSBMU02669 SSRT100346 rev.3 - HP Data Protector Media Management Daemon (mmd),
From:       security-alert () hp ! com
Date:       2011-07-28 17:26:01
Message-ID: 20110728172601.4B13C1FCB4 () security ! hp ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02940981
Version: 1

HPSBMU02669 SSRT100346 rev.3 - HP Data Protector Media Management Daemon (mmd), \
Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as \
possible.

Release Date: 2011-07-27
Last Updated: 2011-07-27

 ------------------------------------------------------------------------------

Potential Security Impact: Remote Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Data Protector's Media \
Management Daemon (mmd). The vulnerability could be remotely exploited to create a \
Denial of Service (DoS).

References: CVE-2011-2399

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Data Protector media management daemon running on any 32-bit Windows platform \
(2000, 2003, XP, 2008, Vista), HP-UX, Linux and Solaris platforms.

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2011-2399    (AV:N/AC:L/Au:N/C:N/I:N/A:C)       7.8
===========================================================
             Information on CVSS is documented
            in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following patches to resolve this vulnerability.
The patches can be retrieved from http://support.openview.hp.com/selfsolve/patches \
For HP Data Protector v6.0 media management daemon

Operating System Platform / Patch ID

Windows (2000, 2003, XP, 2008, Vista) / DPWIN_00501

HP-UX (B.11.11, B.11.23, B.11.31 PA-RISC) / PHSS_41868

HP-UX (B.11.23, B.11.31 IA-64) / PHSS_41869

Linux SLES 9, 10; RHES4 / DPLNX_00143

Solaris 2.8, 2.9, 2.10 / DPSOL_00437

For HP Data Protector v6.10 media management daemon
Operating System Platform / Patch ID

Windows (2000, 2003, XP, 2008, Vista) / DPWIN_00500

HP-UX (B.11.11, B.11.23, B.11.31 PA-RISC) / PHSS_41872

HP-UX (B.11.23, B.11.31 IA-64) / PHSS_41873
Linux SLES 9, 10; RHES4 / DPLNX_00145

Solaris 2.8, 2.9, 2.10 / DPSOL_00439

For HP Data Protector v6.11 media management daemon
Operating System Platform / Patch ID

Windows (2000, 2003, XP, 2008, Vista) / DPWIN_00520

HP-UX (B.11.11, B.11.23, B.11.31 PA-RISC) / PHSS_42234

HP-UX (B.11.23, B.11.31 IA-64) / PHSS_42235

Linux SLES 9, 10; RHES4 / DPLNX_00162

Solaris 2.8, 2.9, 2.10 / DPSOL_00456

MANUAL ACTIONS: No

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that \
replaces HP-UX Security Patch Check.

It analyzes all Security Bulletins issued by HP and lists recommended actions that \
may apply to a specific HP-UX system. It can also download patches and create a depot \
automatically. For more information see:

https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

For HP DP v6.0 Cell Server (PA-RISC)
HP-UX B.11.11, B.11.23, B.11.31
==================
DATA-PROTECTOR.OMNI-CS
action: install patch PHSS_41868 or subsequent

For HP DP v6.10 Cell Server
HP-UX B.11.11, B.11.23, B.11.31 (PA-RISC)
==================
DATA-PROTECTOR.OMNI-CS
action: install patch PHSS_41872 or subsequent

For HP DP v6.11 Cell Server (PA-RISC)
HP-UX B.11.11, B.11.23, B.11.31
==================
DATA-PROTECTOR.OMNI-CS
action: install patch PHSS_42234 or subsequent

For HP DP v6.0 Cell Server (IA-64)
HP-UX B.11.23, B.11.31
==================
DATA-PROTECTOR.OMNI-CS
action: install patch PHSS_41869 or subsequent

For HP DP v6.10 Cell Server (IA-64)
HP-UX B.11.23, B.11.31 (IA-64)
==================
DATA-PROTECTOR.OMNI-CS
action: install patch PHSS_41873 or subsequent

For HP DP v6.11 Cell Server (IA-64)
HP-UX B.11.23, B.11.31
==================
DATA-PROTECTOR.OMNI-CS
action: install patch PHSS_42235 or subsequent

END AFFECTED VERSIONS

HISTORY
Version: 1 (rev.1) - 18 July 2011 Initial release
Version: 2 (rev.2) - 18 July 2011 Corrected tracking number in title
Version: 3 (rev.3) - 27 July 2011 re-released

Third Party Security Patches: Third party security patches that are to be installed \
on systems running HP software products should be applied in accordance with the \
customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, \
send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts \
via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Software Product Category: The Software Product Category is represented in the title \
by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2011 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or \
omissions contained herein. The information provided is provided "as is" without \
warranty of any kind. To the extent permitted by law, neither HP or its affiliates, \
subcontractors or suppliers will be liable for incidental,special or consequential \
damages including downtime cost; lost profits;damages relating to the procurement of \
substitute products or services; or damages for loss of data, or software \
restoration. The information in this document is subject to change without notice. \
Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein \
are trademarks of Hewlett-Packard Company in the United States and other countries. \
Other product and company names mentioned herein may be trademarks of their \
                respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk4xmlYACgkQ4B86/C0qfVmEYgCfdlF4hh9VGd/vRk6ALhiHgKvI
XRgAoINhTjskpHLOAhwz9F9C465ZxkrE
=89ts
-----END PGP SIGNATURE-----


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic