wwwoldi.ru

Главная | Actual Topics | Обратная связь | Guest Book | В избранное | Сделать домашней
Категории
 Безопасность
 Деньги в Сети
 Право в Сети
 Сети
 Видео
 Процессоры
 Платформа
 Antivirus & Firewall
Календарь

June, 2016
ПнВтСрЧтПтСбВс
12345
6789101112
13141516171819
20212223242526
27282930
Опросы
Какой антивирус Вы предпочитаете для защиты Вашего компьютера?

Kaspersky Anti-Virus
Trend Micro Internet Security
Dr.Web
Panda Antivirus
Eset NOD32 Antivirus
Norton Antivirus
AVG Anti-Virus
CA Anti-Virus
Антивирус Stop!
Avast!
Зачем казе баян?


Результаты
Другие опросы

Всего голосов: 90
Комментарии: 0
Ссылки

Архив Новостей
  June 2016 (13)
  May 2016 (36)
  April 2016 (43)
  March 2016 (52)
  February 2016 (53)
  January 2016 (52)
  December 2015 (58)
  November 2015 (57)
  October 2015 (53)
  September 2015 (50)
  August 2015 (56)
  July 2015 (59)
  June 2015 (63)
  May 2015 (16)
  April 2015 (13)
  March 2015 (34)
  February 2015 (46)
  January 2015 (1)
  December 2014 (3)
  September 2014 (16)
  August 2014 (17)
  July 2014 (18)
  June 2014 (17)
  May 2014 (16)
  April 2014 (18)
  March 2014 (17)
  February 2014 (20)
  January 2014 (14)
  December 2013 (68)
  November 2013 (91)
  October 2013 (100)
  September 2013 (102)
  August 2013 (93)
  July 2013 (88)
  June 2013 (88)
  May 2013 (97)
  April 2013 (113)
  March 2013 (105)
  February 2013 (96)
  January 2013 (96)
  December 2012 (98)
  November 2012 (100)
  October 2012 (118)
  September 2012 (102)
  August 2012 (108)
  July 2012 (104)
  June 2012 (107)
  May 2012 (146)
  April 2012 (213)
  March 2012 (238)
  February 2012 (223)
  January 2012 (168)
  December 2011 (219)
  November 2011 (256)
  October 2011 (263)
  September 2011 (231)
  August 2011 (201)
  July 2011 (211)
  June 2011 (218)
  May 2011 (221)
  April 2011 (251)
  March 2011 (231)
  February 2011 (197)
  January 2011 (220)
  December 2010 (271)
  November 2010 (250)
  October 2010 (245)
  September 2010 (268)
  August 2010 (263)
  July 2010 (262)
  June 2010 (286)
  May 2010 (250)
  April 2010 (274)
  March 2010 (318)
  February 2010 (259)
  January 2010 (259)
  December 2009 (305)
  November 2009 (50)
  June 2009 (459)
  May 2009 (550)
  April 2009 (532)
  March 2009 (510)
  February 2009 (512)
  January 2009 (451)
  December 2008 (428)
  November 2008 (169)
  October 2008 (602)
  September 2008 (496)
  August 2008 (406)
  July 2008 (47)
  June 2008 (42)
  May 2008 (23)
  April 2008 (20)
  March 2008 (21)
  February 2008 (17)
  January 2008 (16)
  December 2007 (13)
  November 2007 (8)
  October 2007 (8)
  September 2007 (5)
  August 2007 (6)
  July 2007 (8)
  June 2007 (5)
  May 2007 (6)
  April 2007 (12)
  March 2007 (6)
  February 2007 (9)
  January 2007 (8)
  December 2006 (11)
  November 2006 (6)
  October 2006 (5)
  September 2006 (3)
  August 2006 (3)
  July 2006 (6)
  June 2006 (1)
  May 2006 (9)
  April 2006 (5)
  March 2006 (5)
  February 2006 (1)
  January 2006 (4)
  December 2005 (5)
  November 2005 (7)
  October 2005 (3)
  September 2005 (3)
  August 2005 (1)
  July 2005 (4)
  June 2005 (3)
  May 2005 (1)
  April 2005 (3)
  March 2005 (4)
  February 2005 (2)
  January 2005 (2)
  December 2004 (2)
  November 2004 (3)
  October 2004 (2)
  August 2004 (1)
  July 2004 (2)
  June 2004 (2)
  May 2004 (3)
  March 2004 (1)
  February 2004 (1)
  January 2004 (1)
  December 2003 (3)
  November 2003 (1)
  October 2003 (2)
  September 2003 (2)
  August 2003 (1)
  June 2003 (1)
  May 2003 (1)
  April 2003 (3)
  March 2003 (1)
  February 2003 (3)
  December 2002 (1)
  October 2002 (4)
  February 2002 (1)
  January 2002 (2)
  December 2001 (1)
  November 2001 (1)
  September 2001 (2)
  August 2001 (1)
  May 2001 (1)
  March 2001 (7)
  February 2001 (1)
  January 2001 (1)
  July 2000 (1)
  March 2000 (1)
  January 2000 (2)
  October 1999 (1)

HPSBMA02424 SSRT080125 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code

Безопасность -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01723303
Version: 1

HPSBMA02424 SSRT080125 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2009-04-27
Last Updated: 2009-04-27

Potential Security Impact: Remote execution of arbitrary code

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code.

References: CVE-2008-2438

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, Solaris, and Windows

BACKGROUND

CVSS 2.0 Base Metrics
===============================================
Reference                         Base Vector               Base Score
CVE-2008-2438     (AV:N/AC:L/Au:N/C:P/I:P/A:N)      6.4
===============================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.

The Hewlett-Packard Company thanks Dyon Balding, Secunia Research for reporting this vulnerability to [email protected].

RESOLUTION

HP has made patches available to resolve the vulnerability for NNM v7.53.
HP has made archive files available to resolve the vulnerability for NNM v7.01.

The patches are available from http://support.openview.hp.com/selfsolve/patches

Note: The patches are not available from the HP IT Resource Center (ITRC).

The archive files are available from: ftp://ss080125:ss080125/@hprc.external.hp.com

To install the archive files for NNM v7.01:
===============================
1. Install the required patch listed below
2. Uncompress the archive (SSRT080125.701_IP12.hotfix.tar.gz)
3. Unpack the archive (SSRT080125.701_IP12.hotfix.tar)
4. ovstop -c
5. Follow the instructions in the README.txt file
6. ovstart -c

OV NNM v7.53
Operating System
Required Patch

HP-UX (IA)
PHSS_39246 or subsequent

HP-UX (PA)
PHSS_39245 or subsequent

Linux RedHatAS2.1
LXOV_00093 or subsequent

Linux RedHat4AS-x86_64
LXOV_00094 or subsequent

Solaris
PSOV_03519 or subsequent

Windows
NNM_01197 or subsequent



OV NNM v7.51
Upgrade to NNM v7.53 and apply the NNM v7.53 resolution listed above. Patch bundles for upgrading from NNM v7.51 to NNM v7.53 are available here: ftp://nnm_753:update/@hprc.external.hp.com/

OV NNM v7.01 with Intermediate Patch 12
Operating System
Required Patch
Archive File
Archive File MD5 Sum

HP-UX (PA)
PHSS_38761
SSRT080125.701_IP12.hotfix.tar
dbe7aec4e4a800c13eee0a46cd93f516

Solaris
PSOV_03516
SSRT080125.701_IP12.hotfix.tar
dbe7aec4e4a800c13eee0a46cd93f516

Windows
NNM_01194
SSRT080125.701_IP12.hotfix.tar
dbe7aec4e4a800c13eee0a46cd93f516


MANUAL ACTIONS: Yes - NonUpdate
Apply the appropriate archive as described in the Resolution.

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS (for HP-UX)

For HP-UX OV NNM 7.51 and 7.53
HP-UX B.11.31
HP-UX B.11.23 (IA)
HP-UX B.11.23 (PA)
HP-UX B.11.11
=============
OVNNMgr.OVNNM-RUN,fr=B.07.50.00
action: install the patches and archive files listed in the Resolution
URL: ftp://ss080125:ss080125/@hprc.external.hp.com

For HP-UX OV NNM 7.01
HP-UX B.11.11
=============
OVNNMgr.OVNNM-RUN,fr=B.07.01.00
action: install the patches and archive files listed in the Resolution
URL: ftp://ss080125:ss080125/@hprc.external.hp.com

END AFFECTED VERSIONS (for HP-UX)

HISTORY
Version:1 (rev.1) - 27 April 2009 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: [email protected]
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
  To: [email protected]
  Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
  - check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
  - verify your operating system selections are checked and save.


To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.


To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do


* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.


"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

╘Copyright 2009 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBSfW8kOAfOvwtKn1ZEQKwKACcC+BvfjBbpm6WNpe9TY9OQYjLp8MAoOA2
7aVK05XyyOhCe9kEu8f2v6BW
=X22X
-----END PGP SIGNATURE-----



  


Разместил: SecurityLab.ru - Уведомления | Дата: 28.04.2018 | Прочитано: 657 | Раздел: Безопасность   

Рейтинг статьи

Средняя оценка: 0.00/0Средняя оценка: 0Всего голосов:0



Смотрите также связанные темы

11.06.2018 CVE-2009-1420
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when used with SNMP (aka HPOvNNM.HPOVSNMP) before 1.30.009 and MIB (aka HPOvNNM.HPOVMIB) before 1.30.009, allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.
18.08.2018 CVE-2008-3703
The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create"snapshots schedules"registry values specifying future command execution.  NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.
23.10.2018 CVE-2008-4728
Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method.  NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.
23.10.2018 CVE-2008-4729
Stack-based buffer overflow in Hummingbird.XWebHostCtrl.1 ActiveX control (hclxweb.dll) in Hummingbird Xweb ActiveX Control 13.0 and earlier allows remote attackers to execute arbitrary code via a long PlainTextPassword property.  NOTE: code execution might not be possible in 13.0.
30.10.2018 CVE-2008-4801
Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.0.0 through 5.2.5.2, 5.3.0.0 through 5.3.6.1, 5.4.0.0 through 5.4.2.2, and 5.5.0.0 through 5.5.0.91 in IBM Tivoli Storage Manager (TSM); and the Backup-Archive client in TSM Express; allows remote attackers to execute arbitrary code by sending a large amount of crafted data to a TCP port.
22.06.2018 CVE-2009-2169
Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary files via a URL argument to the FtpConnect argument and a target filename argument to the FtpDownloadFile method.  NOTE: this can be leveraged for code execution by writing to a Startup folder.
18.03.2018 Honeywell HSC Remote Deployer ActiveX Remote Code Execution
## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. #   http://metasploit.com/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote   Rank = ExcellentRanking   include Msf::Exploit::Remote::HttpServer::HTML   include Msf::Exploit::EXE   def initialize(info={})     super(update_info(info,     ...
26.03.2018 HP Intelligent Management Center Arbitrary File Upload Exploit
## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. #   http://metasploit.com/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote   Rank = GreatRanking   HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] }   include Msf::Exploit::Remote::HttpClient   include Msf::Exploit::FileDropper   def initialize(info = {})     super&...
12.07.2018 CVE-2012-2486
The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server before 1.8.1 allows remote attackers to execute arbitrary code by leveraging certain adjacency and sending a malformed CDP packet, aka Bug IDs CSCtz40953, CSCtz40947, CSCtz40965, and CSCtz40953.
22.01.2018 CVE-2013-0209
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.
Нет комментариев. Почему бы Вам не оставить свой?
Вы не можете отправить комментарий анонимно, пожалуйста зарегистрируйтесь.
Google Search
Google

Web

Топ Новостей
1: MS14-011: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)
Hot NEWS!
Просмотров - 521


2: Компрометация системы в IBM Content Collector
Просмотров - 416

3: Отказ в обслуживании в FFmpeg
Просмотров - 401

4: Безопасность IOS-приложений (часть 16) – динамический анализ IOS-приложений при помощи iNalyzer
Просмотров - 291

5: Хакер обманом заполучил имя пользователя Twitter стоимостью в тыс.
Просмотров - 278

6: Межсайтовый скриптинг в Vanilla Forums
Просмотров - 270

7: Обновление PowerLoader’a для 64-разрядных систем на основе утечек кода новых эксплоитов
Просмотров - 256

8: Отчет с 17-ой встречи DEFCON группы
Просмотров - 247

9: Hetman File Repair
Просмотров - 242

10: AntiSnooper - Privacy Protection
Просмотров - 228

11: MS14-020: Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (2950145)
Просмотров - 222

12: Безопасность IOS-приложений (часть 26) – Патчинг приложений при помощи IDA Pro и Hex Fiend
Просмотров - 216

13: MS14-004: Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826)
Просмотров - 213

14: Множественные уязвимости в Oracle Java SE Embedded
Просмотров - 212

15: Межсайтовый скриптинг в IBM InfoSphere Guardium
Просмотров - 211

16: Microsoft отказалась раскрывать клиентские данные, хранящиеся за рубежом
Просмотров - 201

17: Компрометация системы в продуктах F5
Просмотров - 198

18: Межсайтовый скриптинг в UNIT4 Prosoft HRMS
Просмотров - 198

19: CVE-2014-2223
Просмотров - 196

20: CVE-2014-3352
Просмотров - 193

Google 120X240
Ссылки

Главная | Actual Topics | Статьи | Обратная связь | printZ | Guest Book
2019 © Все права защищены. Карта сайта



.