[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: [security bulletin] HPSBMU02669 SSRT100346 rev.3 - HP Data Protector Media Management Daemon (mmd),
From: security-alert () hp ! com
Date: 2011-07-28 17:26:01
Message-ID: 20110728172601.4B13C1FCB4 () security ! hp ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02940981
Version: 1
HPSBMU02669 SSRT100346 rev.3 - HP Data Protector Media Management Daemon (mmd), \
Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as \
possible.
Release Date: 2011-07-27
Last Updated: 2011-07-27
------------------------------------------------------------------------------
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Data Protector's Media \
Management Daemon (mmd). The vulnerability could be remotely exploited to create a \
Denial of Service (DoS).
References: CVE-2011-2399
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Data Protector media management daemon running on any 32-bit Windows platform \
(2000, 2003, XP, 2008, Vista), HP-UX, Linux and Solaris platforms.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2011-2399 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following patches to resolve this vulnerability.
The patches can be retrieved from http://support.openview.hp.com/selfsolve/patches \
For HP Data Protector v6.0 media management daemon
Operating System Platform / Patch ID
Windows (2000, 2003, XP, 2008, Vista) / DPWIN_00501
HP-UX (B.11.11, B.11.23, B.11.31 PA-RISC) / PHSS_41868
HP-UX (B.11.23, B.11.31 IA-64) / PHSS_41869
Linux SLES 9, 10; RHES4 / DPLNX_00143
Solaris 2.8, 2.9, 2.10 / DPSOL_00437
For HP Data Protector v6.10 media management daemon
Operating System Platform / Patch ID
Windows (2000, 2003, XP, 2008, Vista) / DPWIN_00500
HP-UX (B.11.11, B.11.23, B.11.31 PA-RISC) / PHSS_41872
HP-UX (B.11.23, B.11.31 IA-64) / PHSS_41873
Linux SLES 9, 10; RHES4 / DPLNX_00145
Solaris 2.8, 2.9, 2.10 / DPSOL_00439
For HP Data Protector v6.11 media management daemon
Operating System Platform / Patch ID
Windows (2000, 2003, XP, 2008, Vista) / DPWIN_00520
HP-UX (B.11.11, B.11.23, B.11.31 PA-RISC) / PHSS_42234
HP-UX (B.11.23, B.11.31 IA-64) / PHSS_42235
Linux SLES 9, 10; RHES4 / DPLNX_00162
Solaris 2.8, 2.9, 2.10 / DPSOL_00456
MANUAL ACTIONS: No
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that \
replaces HP-UX Security Patch Check.
It analyzes all Security Bulletins issued by HP and lists recommended actions that \
may apply to a specific HP-UX system. It can also download patches and create a depot \
automatically. For more information see:
https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For HP DP v6.0 Cell Server (PA-RISC)
HP-UX B.11.11, B.11.23, B.11.31
==================
DATA-PROTECTOR.OMNI-CS
action: install patch PHSS_41868 or subsequent
For HP DP v6.10 Cell Server
HP-UX B.11.11, B.11.23, B.11.31 (PA-RISC)
==================
DATA-PROTECTOR.OMNI-CS
action: install patch PHSS_41872 or subsequent
For HP DP v6.11 Cell Server (PA-RISC)
HP-UX B.11.11, B.11.23, B.11.31
==================
DATA-PROTECTOR.OMNI-CS
action: install patch PHSS_42234 or subsequent
For HP DP v6.0 Cell Server (IA-64)
HP-UX B.11.23, B.11.31
==================
DATA-PROTECTOR.OMNI-CS
action: install patch PHSS_41869 or subsequent
For HP DP v6.10 Cell Server (IA-64)
HP-UX B.11.23, B.11.31 (IA-64)
==================
DATA-PROTECTOR.OMNI-CS
action: install patch PHSS_41873 or subsequent
For HP DP v6.11 Cell Server (IA-64)
HP-UX B.11.23, B.11.31
==================
DATA-PROTECTOR.OMNI-CS
action: install patch PHSS_42235 or subsequent
END AFFECTED VERSIONS
HISTORY
Version: 1 (rev.1) - 18 July 2011 Initial release
Version: 2 (rev.2) - 18 July 2011 Corrected tracking number in title
Version: 3 (rev.3) - 27 July 2011 re-released
Third Party Security Patches: Third party security patches that are to be installed \
on systems running HP software products should be applied in accordance with the \
customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, \
send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts \
via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Software Product Category: The Software Product Category is represented in the title \
by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2011 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or \
omissions contained herein. The information provided is provided "as is" without \
warranty of any kind. To the extent permitted by law, neither HP or its affiliates, \
subcontractors or suppliers will be liable for incidental,special or consequential \
damages including downtime cost; lost profits;damages relating to the procurement of \
substitute products or services; or damages for loss of data, or software \
restoration. The information in this document is subject to change without notice. \
Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein \
are trademarks of Hewlett-Packard Company in the United States and other countries. \
Other product and company names mentioned herein may be trademarks of their \
respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk4xmlYACgkQ4B86/C0qfVmEYgCfdlF4hh9VGd/vRk6ALhiHgKvI
XRgAoINhTjskpHLOAhwz9F9C465ZxkrE
=89ts
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic