HP TCP/IP Services for OpenVMS Two Security Issues (secunia.com)
Secunia Advisory: SA25882
Release Date: 2007-07-03
Critical: Less critical
Impact: Brute force
Exposure of sensitive information
Where: From local network
Solution Status: Unpatched
Software: HP TCP/IP Services for OpenVMS 5.x
Description:
Two security issues have been reported in HP TCP/IP Services for OpenVMS, which can be exploited by malicious people to disclose sensitive information or to conduct brute force attacks.
1) The security issue is caused due to the POP server returning different responses depending on whether or not a valid user name is supplied and can be exploited to enumerate valid POP user names.
2) The problem is that the TCP/IP Services POP3 mail mechanism is not utilising the intrusion detection of OpenVMS properly. This can be exploited to conduct brute force attacks.
The security issues are reported in TCP/IP Services 5.6. Other versions may also be affected.
Solution:
Grant only trusted people network access to the POP service.
HP Instant Support Driver Check sdd.dll Buffer Overflow (secunia.com)
Secunia Advisory: SA25918
Release Date: 2007-07-03
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: HP Instant Support - Driver Check 1.x
Description:
A vulnerability has been reported in HP Instant Support Driver Check, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error when processing the "queryHub()" function in sdd.dll. This can be exploited to cause a buffer overflow via an overly long string passed to the affected function when a user visits a malicious web page.
Successful exploitation allows execution of arbitrary code.
The vulnerability is reported in versions prior to 1.5.0.3.
Solution:
Update to version 1.5.0.3.
Provided and/or discovered by:
The vendor credits John Heasman of NGSSoftware and Carlo Di Dato a.k.a. shinnai.
Original Advisory:
全站熱搜
留言列表
