U radu programskog paketa HP-UX 11 uočen je sigurnosni propust kojeg udaljeni napadač može iskoristiti za napad uskraćivanjem usluga (DoS).

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03261413

Version: 1
HPSBUX02758 SSRT100774 rev.1 - HP-UX running DCE, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2012-04-02

Last Updated: 2012-04-02

Potential Security Impact: Remote Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY

A potential security vulnerability has been identified in HP-UX running DCE. The vulnerability could be exploited remotely to create a Denial of Service (DoS).

References: CVE-2012-0131
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP-UX B.11.11 and HP-UX B.11.23
BACKGROUND

For a PGP signed version of this security bulletin please write to: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
CVSS 2.0 Base Metrics

Reference
	
Base Vector
	
Base Score
CVE-2012-0131
	
(AV:N/ACL/Au:N/C:C/I:C/A:C)
	
10.0

Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has made the following patches available to resolve this vulnerability.
The patches are available from http://www.hp.com/go/HPSC

OS Release
	
DCE version
	
Patch ID
HP-UX B.11.11
	
Client v1.8
	
PHSS_42852 or subsequent
HP-UX B.11.11
	
Server v1.8
	
PHSS_42865 or subsequent
HP-UX B.11.23
	
Client v1.9
	
PHSS_42853 or subsequent
HP-UX B.11.23
	
Server v1.9
	
PHSS_42866 or subsequent


MANUAL ACTIONS: No

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.11
=============
DCE-Core.DCE-CORE-DTS
DCE-Core.DCE-CORE-RUN
DCE-Core.DCE-CORE-SHLIB
DCE-Core.DCE-COR-64SLIB
action: install patch PHSS_42852 or subsequent

DCE-CDS-Server.CDS-SERVER
DCE-SEC-Server.SEC-SERVER
DCE-CoreTools.DCE-BPRG
DCE-C-Tools.DCE-TOOLS-LIB
DCE-CoreAdmin.DCE-CDSBROWSER
action: install patch PHSS_42865 or subsequent

HP-UX B.11.23
=============
DCE-Core.DCE-BPRG
DCE-Core.DCE-COR-64SLIB
DCE-Core.DCE-COR-IA-RUN
DCE-Core.DCE-COR-PA-RUN
DCE-Core.DCE-CORE-DTS
DCE-Core.DCE-CORE-RUN
DCE-Core.DCE-CORE-SHLIB
DCE-Core.DCE-IA64-SHLIB
action: install patch PHSS_42853 or subsequent

DCE-SEC-Server.SEC-SERVER
action: install patch PHSS_42866 or subsequent

END AFFECTED VERSIONS

HISTORY
Version:1 (rev.1) - 2 April 2012 Initial release