
UNIRAS Brief - 332/04 - Two Hewlett Packard Security Advisories:



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 332/04 dated 30.06.04  Time: 14:25  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Two Hewlett Packard Security Advisories:

1. HPSBUX01054 - SSRT3552 rev.0 - HP-UX running ARPA transport

2. HPSBUX01047 - SSRT4758 rev. 0 HP-UX ObAM WebAdmin unauthorized access



Detail
======

1. A potential vulnerability has been identified in the HP-UX ARPA Transport 
which could be exploited by a local user to create a Denial of Service (DoS).


2. A potential vulnerability has been identified with HP-UX running ObAM 5.0 
with the WebAdmin capability enabled.  This vulnerability could be exploited 
remotely to allow unauthorized access.




 


1.




- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             

             ESB-2004.0434 -- HP SECURITY BULLETIN HPSBUX01054
               SSRT3552 rev.0 - HP-UX running ARPA transport
                               30 June 2004

===========================================================================

        

Product:                Networking.NET-KRN
                        Networking.NET-RUN
                        Networking.NET2-KRN
                        Networking.NMS2-KRN
                        OS-Core.CORE2-KRN
Publisher:              Hewlett-Packard
Operating System:       HP-UX 11.11
                        HP-UX 11.04
                        HP-UX 11.00
Impact:                 Denial of Service
Access Required:        Existing Account

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HP SECURITY BULLETIN


HPSBUX01054     REVISION: 0

SSRT3552 rev.0 - HP-UX running ARPA transport,
                 local Denial of Service (DoS)


 -----------------------------------------------------------------
NOTICE:
 There are no restrictions for distribution of this Bulletin provided that it
remains complete and intact.

 The information in this Security bulletin should be acted upon as soon as possible.

INITIAL RELEASE:    28 June 2004



POTENTIAL SECURITY IMPACT:    Denial of Service (DoS)
                              caused by local user

SOURCE:    HEWLETT-PACKARD COMPANY
                HP Software Security Response Team

REFERENCES:    None

VULNERABILITY SUMMARY:
A potential vulnerability has been identified in the HP-UX ARPA Transport which 
could be exploited by a local user to create a Denial of Service (DoS).

SUPPORTED SOFTWARE VERSIONS*:  ONLY impacted versions are listed. 
HP-UX B.11.00, B.11.04, B.11.11.

BACKGROUND:
     AFFECTED VERSIONS

     Note: To determine if a system has an affected version,
           search the output of "swlist -a revision -l fileset"
           for an affected fileset.  Then determine if the
           recommended patch or update is installed.


     HP-UX B.11.11
     =============

     Networking.NET-KRN
     Networking.NET-RUN
     Networking.NET2-KRN
     Networking.NMS2-KRN
     OS-Core.CORE2-KRN

     action: install PHNE_29887 or subsequent

     HP-UX B.11.04
     =============

     Networking.NET-KRN
     Networking.NET-RUN
     Networking.NET2-KRN
     Networking.NMS2-KRN
     OS-Core.CORE2-KRN

     action: install PHNE_30905 or subsequent

     HP-UX B.11.00
     =============

     Networking.NET-KRN
     Networking.NET-RUN
     Networking.NET2-KRN
     Networking.NMS2-KRN
     OS-Core.CORE2-KRN

     action: install PHNE_29473 or subsequent

     END AFFECTED VERSIONS

RESOLUTION:
HP has made the following patches available to resolve this issue.

HP-UX B.11.11 - PHNE_29887

HP-UX B.11.04 - PHNE_30905

HP-UX B.11.00 - PHNE_29473

The patches are available from http://itrc.hp.com.
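The fileset check from the BACKGROUND note above, worked through as an added example (this is not HP's code and is not part of the bulletin): a POSIX sh script that reads the output of "swlist -a revision -l fileset", maps the revision of each affected fileset to the patch named in the RESOLUTION, and reports whether that patch's filesets are present. The sample rows are constructed for the demo, and the row shape the script relies on (fileset name followed by its revision, installed patches appearing as PATCH.fileset rows, swlist header lines starting with "#") is an assumption about swlist output rather than something the bulletin states. The script does not resolve patch supersession, so a host carrying a later patch that replaces the named one is reported as exposed until that is confirmed against the ITRC patch database.

```sh
#!/bin/sh
# Added example, not HP's code: decide from "swlist -a revision -l fileset"
# output whether a host is still exposed to HPSBUX01054 (SSRT3552).
# On a real host, source this file and run:
#     swlist -a revision -l fileset | check_arpa_transport
# Exit status: 0 = patch present, 1 = exposed, 2 = no affected fileset found.

# Filesets the bulletin lists as affected (the same set for all three releases)
AFFECTED_FILESETS="Networking.NET-KRN Networking.NET-RUN Networking.NET2-KRN Networking.NMS2-KRN OS-Core.CORE2-KRN"

# Fixing patch for an OS revision, as given in the bulletin's RESOLUTION
required_patch() {
    case "$1" in
        B.11.00) echo PHNE_29473 ;;
        B.11.04) echo PHNE_30905 ;;
        B.11.11) echo PHNE_29887 ;;
        *)       echo "" ;;
    esac
}

# Reads swlist output on stdin. Assumed row shape (an assumption, not verified
# against every swlist version): "<product>.<fileset> <revision>", with
# installed patches appearing as "<PATCH>.<fileset> <revision>" rows and
# swlist's own header lines starting with "#".
check_arpa_transport() {
    data=$(cat)
    exposed=0
    found=0
    for fs in $AFFECTED_FILESETS; do
        rev=$(printf '%s\n' "$data" | awk -v f="$fs" '$1 == f { print $2; exit }')
        [ -z "$rev" ] && continue
        found=1
        patch=$(required_patch "$rev")
        if [ -z "$patch" ]; then
            echo "$fs $rev: revision not covered by HPSBUX01054"
            continue
        fi
        if printf '%s\n' "$data" | awk -v p="$patch" 'index($1, p ".") == 1 { n++ } END { exit n ? 0 : 1 }'; then
            echo "$fs $rev: $patch installed"
        else
            # A superseding patch would also close the hole, but supersession is
            # not resolved here; confirm against the ITRC patch database.
            echo "$fs $rev: EXPOSED - install $patch or a patch that supersedes it"
            exposed=1
        fi
    done
    [ "$found" -eq 0 ] && return 2
    return "$exposed"
}

# Constructed B.11.11 listing with no PHNE_29887 rows (not output of a real host)
sample_unpatched() {
    cat <<'EOF'
# Target:  demo:/
  Networking.NET-KRN        B.11.11
  Networking.NET-RUN        B.11.11
  Networking.NET2-KRN       B.11.11
  Networking.NMS2-KRN       B.11.11
  OS-Core.CORE2-KRN         B.11.11
EOF
}

# The same host after PHNE_29887 has been installed (constructed)
sample_patched() {
    sample_unpatched
    cat <<'EOF'
  PHNE_29887.NET-KRN        1.0
  PHNE_29887.NET-RUN        1.0
EOF
}

sample_unpatched | check_arpa_transport || echo "unpatched sample: exit $?"
sample_patched   | check_arpa_transport && echo "patched sample: exit 0"
```

The printed lines are for the operator; the exit status (0 patched, 1 exposed, 2 no affected fileset present) is what a scheduled compliance job should act on. A revision the bulletin does not cover, such as a B.11.23 host, is reported but not judged, since the bulletin names no patch for it.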

MANUAL ACTIONS:  No


SUPPORT: For further information, contact HP Services support
         channel.

SUBSCRIBE: To initiate a subscription to receive future HP Security Bulletins 
via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page:
Driver and Support Alerts/Notifications Sign-up: Product Selection 
Under Step1: your products 1. Select product category:
   - a minimum of servers must be selected.
2. Select product family or search:
   - a minimum of one product must be selected.
3. Add a product:
   - a minimum of one product must be added.
In Step 2: your operating system(s)
   - check ALL operating systems for which alerts are required. 
Complete the form and Save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page Subscriber's choice for Business: sign-in. On the Web page: 
Subscriber's Choice: your profile summary
- - - - - use Edit Profile to update appropriate sections.

Note: In addition to the individual alerts/notifications for the selected operating 
systems/products, subscribers will automatically receive one copy of alerts for 
non-operating system categories (i.e., a subscriber who signs up for all six operating 
system alerts will only receive one copy of all the non-operating system alerts).

HP-UX SPECIFIC SECURITY BULLETINS*:
To review previously published Security Bulletins for HP-UX: 
 http://itrc.hp.com/cki/bin/doc.pl/screen=ckiSecurityBulletin

Security Patch Check revision B.02.00 analyzes all HP-issued security bulletins 
to give you a subset of recommended actions that potentially affect your 
particular HP-UX system. For more information: 
<http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6834AA>


REPORT: To report a potential security vulnerability with any HP supported product, 
send Email to: security-alert@xxxxxxx It is strongly recommended that security 
related information being communicated to HP be encrypted using PGP, especially 
exploit information. To obtain the security-alert PGP key please send an e-mail 
message to security-alert@xxxxxx with the Subject of 'get key' (no quotes).

System management and security procedures must be reviewed frequently to maintain 
system integrity. HP is continually reviewing and enhancing the security features 
of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention 
of users of the affected HP products the important security information contained in 
this Bulletin. HP recommends that all users determine the applicability of this 
information to their individual situations and take appropriate action. HP does 
not warrant that this information is necessarily accurate or complete for all user 
situations and, consequently, HP will not be responsible for any damages resulting 
from user's use or disregard of the information provided in this Bulletin. To the 
extent permitted by law, HP disclaims all warranties, either express or implied, 
including the warranties of merchantability and fitness for a particular purpose, 
title and non-infringement."


(c)Copyright 2004 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company 
shall not be liable for technical or editorial errors or omissions contained herein. 
The information provided is provided "as is" without warranty of any kind. To the 
extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers 
will be liable for incidental, special or consequential damages including downtime 
cost; lost profits; damages relating to the procurement of substitute products or 
services; or damages for loss of data, or software restoration. The information in 
this document is subject to change without notice. Hewlett-Packard Company and the 
names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard 
Company in the United States and other countries. Other product and company names
mentioned herein may be trademarks of their respective owners.

- - -----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBQOGLyeAfOvwtKn1ZEQLvAwCfdrgjS3MgQXohbAMuhomKJbGPtioAoI+d
YYLSN74gEUFXqdajNTcvx0Bl
=U9Wl
- - -----END PGP SIGNATURE-----

- - --------------------------END INCLUDED TEXT--------------------


iQCVAwUBQOITuih9+71yA2DNAQLzmwP+JjJSGU2VNOtu0Og0koKHYVBFJ8nYKOn/
66TC4FcFL5it30QYs7vPDSdPzvZx/H1pGEzChcvMkUXp0uMf/H8oPc5VtNDd4mqj
vMRiHMJr99dqsslhBYIIjQt+s7zkK6M8VvO0GYJSLldvtPVyAS9akAvYo7EtRuB7
UCCDWgGWJ3M=
=s8Ys
- -----END PGP SIGNATURE-----





2.




- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             
             ESB-2004.0433 -- HP SECURITY BULLETIN HPSBUX01047
          SSRT4758 rev. 0 HP-UX ObAM WebAdmin unauthorized access
                               30 June 2004

===========================================================================

        

Product:                WebAdmin
Publisher:              Hewlett-Packard
Operating System:       HP-UX 11.11
Impact:                 Execute Arbitrary Code/Commands
Access Required:        Remote

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HP SECURITY BULLETIN


HPSBUX01047     REVISION: 0

SSRT4758 rev. 0 HP-UX ObAM WebAdmin unauthorized access


 -----------------------------------------------------------------
NOTICE:
 There are no restrictions for distribution of this Bulletin provided that 
it remains complete and intact.

 The information in this Security bulletin should be acted upon as soon as possible.

INITIAL RELEASE:    28 June 2004



POTENTIAL SECURITY IMPACT:    remote unauthorized access

SOURCE:    HEWLETT-PACKARD COMPANY
                HP Software Security Response Team

REFERENCES:    None

VULNERABILITY SUMMARY:
A potential vulnerability has been identified with HP-UX running ObAM 5.0 with 
the WebAdmin capability enabled.  This vulnerability could be exploited remotely 
to allow unauthorized access.

SUPPORTED SOFTWARE VERSIONS*:  ONLY impacted versions are listed. HP-UX B.11.11 
running ObAM 5.0

BACKGROUND:
The version of the Apache web server delivered with ObAM 5.0 has potential security 
vulnerabilities.  The Apache web server is used to implement the WebAdmin feature, 
which is disabled by default. The WebAdmin feature is used by Service Control 
Manager 1.0 and by Partition Manager 1.0.

    AFFECTED VERSIONS

     Note: To determine if a system has an affected version,
           search the output of "swlist -a revision -l fileset"
           for an affected fileset.  Then determine if the
           recommended patch or update is installed.


     HP-UX B.11.11
     =============
     OBAM.OBAM-WEB
     action:  disable the OBAM web administration interface

     END AFFECTED VERSIONS

RESOLUTION:
Check the /etc/rc.config.d/webadmin file. If the default value ("WEBADMIN=0") 
has been changed, edit the file to set "WEBADMIN=0", and then run the following 
as root to stop the Apache server if it had been running:

      /usr/obam/server/bin/apachectl stop


The steps above disable the WebAdmin feature. Service Control Manager 1.0 and 
Partition Manager 1.0 must then be executed locally and displayed to an X11 server 
to provide remote administration. HP Systems Insight Manager can be installed and 
used instead of Service Control Manager to provide remote administration via a 
web browser.


MANUAL ACTIONS:  Yes - NonUpdate

Disable OBAM web administration interface.
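The workaround above, as an added example (not HP's code and not part of the bulletin): a POSIX sh audit-and-fix that reads the effective WEBADMIN value from an rc.config.d-style file, rewrites it to WEBADMIN=0 while keeping a copy of the previous file, stops the ObAM Apache instance when the apachectl script the bulletin names is present, and confirms the result. The default paths are the ones the bulletin gives; the demo at the bottom runs against a constructed copy of the config in a temporary directory, never the live file. The parsing rules (last assignment wins, comments and quotes stripped) follow from the file being sourced by the rc scripts as shell, which is an assumption about how HP-UX reads it.

```sh
#!/bin/sh
# Added example, not HP's code: audit and apply the HPSBUX01047 workaround
# (WEBADMIN=0 in /etc/rc.config.d/webadmin, then stop the ObAM Apache server).
# Paths default to the ones the bulletin names; pass others to work on a copy.

# Print the effective WEBADMIN value from an rc.config.d-style file. The file
# is sourced as shell at boot, so the last assignment wins; comments are
# dropped and spaces or quotes around the value are tolerated.
webadmin_value() {
    awk -F= '/^[[:space:]]*WEBADMIN[[:space:]]*=/ {
                 v = $2; sub(/#.*/, "", v); gsub(/[[:space:]"]/, "", v)
             }
             END { print v }' "$1"
}

# Returns 0 when the WebAdmin Apache server would be started at boot.
webadmin_enabled() {
    case "$(webadmin_value "$1")" in
        ""|0) return 1 ;;
        *)    return 0 ;;
    esac
}

# Rewrite the setting to WEBADMIN=0 and stop the server if the apachectl
# script exists. Returns 0 once the file no longer enables WebAdmin.
disable_webadmin() {
    cfg=${1:-/etc/rc.config.d/webadmin}
    apachectl=${2:-/usr/obam/server/bin/apachectl}
    backup_dir=${3:-/var/tmp}
    if webadmin_enabled "$cfg"; then
        # Keep the previous file for change control, but NOT inside
        # /etc/rc.config.d: /etc/rc.config sources every file in that directory
        # at boot, so a stale copy left there could set WEBADMIN=1 again.
        backup=$backup_dir/$(basename "$cfg").pre-SSRT4758
        cp "$cfg" "$backup"
        # in-place editing (sed -i) is not POSIX; regenerate the file from the copy
        sed 's/^[[:space:]]*WEBADMIN[[:space:]]*=.*/WEBADMIN=0/' "$backup" > "$cfg"
        echo "$cfg: WEBADMIN set to 0 (previous file saved as $backup)"
    else
        echo "$cfg: WebAdmin already disabled"
    fi
    if [ -x "$apachectl" ]; then
        "$apachectl" stop
    else
        echo "$apachectl not found; nothing to stop"
    fi
    ! webadmin_enabled "$cfg"
}

# Demo on a constructed copy of the config in a scratch directory, not the live file
demo_dir=$(mktemp -d)
printf '# ObAM WebAdmin (constructed sample)\nWEBADMIN=1   # enabled by an admin\n' > "$demo_dir/webadmin"
disable_webadmin "$demo_dir/webadmin" "$demo_dir/apachectl" "$demo_dir" \
    && echo "verified: WEBADMIN is now $(webadmin_value "$demo_dir/webadmin")"
```

Run as root with no arguments to act on the live file; the Apache instance is only stopped when the apachectl script is actually present, so the function is safe to run on hosts that never had ObAM installed. Stopping the server is still worth confirming afterwards with a process listing, since the edit alone only prevents the next boot from starting it.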


SUPPORT: For further information, contact HP Services support
         channel.

SUBSCRIBE: To initiate a subscription to receive future HP Security Bulletins 
via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page:
Driver and Support Alerts/Notifications Sign-up: Product Selection 
Under Step1: your products 1. Select product category:
   - a minimum of servers must be selected.
2. Select product family or search:
   - a minimum of one product must be selected.
3. Add a product:
   - a minimum of one product must be added.
In Step 2: your operating system(s)
   - check ALL operating systems for which alerts are required. 
Complete the form and Save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page Subscriber's choice for Business: sign-in. On the Web page: 
Subscriber's Choice: your profile summary
- - - - - use Edit Profile to update appropriate sections.

Note: In addition to the individual alerts/notifications for the selected operating 
systems/products, subscribers will automatically receive one copy of alerts for 
non-operating system categories (i.e., a subscriber who signs up for all six operating 
system alerts will only receive one copy of all the non-operating system alerts).

HP-UX SPECIFIC SECURITY BULLETINS*:
To review previously published Security Bulletins for HP-UX: 
 http://itrc.hp.com/cki/bin/doc.pl/screen=ckiSecurityBulletin

Security Patch Check revision B.02.00 analyzes all HP-issued security bulletins 
to give you a subset of recommended actions that potentially affect your particular 
HP-UX system. For more information: 
<http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6834AA>


REPORT: To report a potential security vulnerability with any HP supported product, send 
Email to: security-alert@xxxxxxx It is strongly recommended that security related information 
being communicated to HP be encrypted using PGP, especially exploit information. To obtain 
the security-alert PGP key please send an e-mail message to security-alert@xxxxxx with the 
Subject of 'get key' (no quotes).

System management and security procedures must be reviewed frequently to maintain system 
integrity. HP is continually reviewing and enhancing the security features of software 
products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention 
of users of the affected HP products the important security information contained in 
this Bulletin. HP recommends that all users determine the applicability of this 
information to their individual situations and take appropriate action. HP does not 
warrant that this information is necessarily accurate or complete for all user 
situations and, consequently, HP will not be responsible for any damages resulting 
from user's use or disregard of the information provided in this Bulletin. To the 
extent permitted by law, HP disclaims all warranties, either express or implied, 
including the warranties of merchantability and fitness for a particular purpose, 
title and non-infringement."


(c)Copyright 2004 Hewlett-Packard Development Company, L.P. Hewlett-Packard 
Company shall not be liable for technical or editorial errors or omissions contained 
herein. The information provided is provided "as is" without warranty of any kind. 
To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers
will be liable for incidental, special or consequential damages including downtime cost; 
lost profits; damages relating to the procurement of substitute products or services; or 
damages for loss of data, or software restoration. The information in this document is 
subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard 
products referenced herein are trademarks of Hewlett-Packard Company in the United States 
and other countries. Other product and company names mentioned herein may be trademarks of 
their respective owners.

- - -----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBQOCGbuAfOvwtKn1ZEQL98gCfcMUbunnq4gXamMailMk/k6cHLXsAnArp
83/9h7rAbFBjd+rMFpCPv5cK
=/5Xf
- - -----END PGP SIGNATURE-----

- - --------------------------END INCLUDED TEXT--------------------


iQCVAwUBQOIRKCh9+71yA2DNAQLl5AQAnK/8UrZs2tttfgsuQc7/Fm78WuO3zVvl
G9jqZTMu8jc9+of2vxh/M8QHfNMwDslIzJCmFm9S/J8aRqQ77dyc+RIHHAffDlmv
+vJ3e6G9oC970HYs87N/xxvJvGoMRAYiUmHor7J4tu+sCFG+rrycahnsT2Lr8ZjT
FdQsn2bDcgM=
=p9qF
- -----END PGP SIGNATURE-----

- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone; Not Protectively Marked information may also be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Hewlett Packard for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC accepts responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the use of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQOK/YYpao72zK539AQECLwP/Wf7gZYJ345mAoGVSIWpk2N5Iu72HZOQx
yTYZUzIfZnLF48/EhQYPgykzkvPF5N/Qh5kV/YjUVsHqzJzyKVLBgW2vbVDRF4Y7
bY0ulZ4eRehtRUFvSy3qdELVoimFrc6jQmUT/a6mGmQ7ojt181zVXUCxr6DTgwtk
IE1NwotyHPA=
=F2IS
-----END PGP SIGNATURE-----