|
|
|
|
| |
Credit:
The original article can be found at: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02153865
|
| |
Vulnerable Systems:
* HP Performance Center Agent running on Windows prior to v9.50
Immune Systems:
* HP Performance Center Agent running on Windows version v9.50
A potential security vulnerability has been identified with the HP Performance Center Agent running on Windows. The vulnerability could be exploited by a remote unauthenticated user to execute arbitrary code.
Patch Availability:
The vulnerability can be resolved by enabling the Secure Channel feature. This resolution requires installation of HP Performance Center v9.50 or subsequent.
Note: Starting with version 9.50 HP Performance Center has provided a documented feature called Secure Communication. Secure Communication prevents non-trusted sources from transmitting code to the Load Generators by establishing an encrypted and secured communication channel. Secure Communication is disabled by default. There are detailed instructions regarding Secure Communication in the HP Performance Center System Configuration and Installation Guide. See the 'Configuration' chapter, 'Recommended Configuration' section. The chapter section 'Configuring Host Security Settings.' has instructions to enforce Secure Communication. Using Secure Communication involves both enabling 'enforce secure communication' and setting the security key.
CVE Information:
CVE-2010-1549
Disclosure Timeline:
2010-05-10: Release Date
2010-05-10: Last Updated
|
|
|
|
|
