Credit:
The original article can be found at: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02757867
Vulnerable Systems:
* HP Discovery & Dependency Mapping Inventory (DDMI) v7.50 running on Windows
* HP Discovery & Dependency Mapping Inventory (DDMI) v7.51 running on Windows
* HP Discovery & Dependency Mapping Inventory (DDMI) v7.60 running on Windows
* HP Discovery & Dependency Mapping Inventory (DDMI) v7.61 running on Windows
* HP Discovery & Dependency Mapping Inventory (DDMI) v7.70 running on Windows
* HP Discovery & Dependency Mapping Inventory (DDMI) v9.30 running on Windows
The vulnerability could be exploited remotely to allow unauthorized read-only access to the data available via the SNMP protocol.
Workaround:
The vulnerability can be resolved by ensuring that the SNMP read community string is set to a secure value.
Securing the Windows SNMP service:
DDMI requires the Windows SNMP service for its operation. If necessary, DDMI will install and configure the Windows SNMP service using the Windows default security settings. As a result, the SNMP read community string may be set to public.
To modify the default security configuration of the Windows SNMP service:
Open the Windows Services Control Panel applet, select Administrative Tools and then select Services.
Select the SNMP Service, right-click on it, select Properties and navigate to the Security tab.
Amend the security settings as required to change the default read community string to a value other than public.
Add the updated read community string to the appropriate DDM Inventory SNMP profile.
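To confirm the change took effect, the following PowerShell check reads the SNMP service's accepted communities and permitted managers from the registry and flags default names. It is an added example, not part of the HP advisory; it assumes the standard Windows SNMP service registry location, and the list of weak names is constructed for illustration.

```powershell
# Added audit example, not from the HP advisory. Run elevated on the DDMI server.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters'

# Access rights the SNMP service stores per community string (REG_DWORD).
$rights = @{ 1 = 'NONE'; 2 = 'NOTIFY'; 4 = 'READ ONLY'; 8 = 'READ WRITE'; 16 = 'READ CREATE' }

# Assumption: constructed list of default or guessable names to flag.
$weak = @('public', 'private')

function Get-SnmpCommunityAudit {
    param([string]$Path = "$base\ValidCommunities")
    if (-not (Test-Path $Path)) { return }          # no communities configured
    $key = Get-Item -Path $Path
    foreach ($name in $key.GetValueNames()) {
        $value = [int]$key.GetValue($name)
        [pscustomobject]@{
            Community = $name
            Rights    = if ($rights.ContainsKey($value)) { $rights[$value] } else { "UNKNOWN ($value)" }
            Weak      = $weak -contains $name        # match is case-insensitive
        }
    }
}

function Get-SnmpPermittedManagers {
    param([string]$Path = "$base\PermittedManagers")
    if (-not (Test-Path $Path)) { return }
    $key = Get-Item -Path $Path
    foreach ($name in $key.GetValueNames()) { [string]$key.GetValue($name) }
}

$communities = @(Get-SnmpCommunityAudit)
$managers    = @(Get-SnmpPermittedManagers)

$communities | Format-Table -AutoSize

foreach ($c in $communities | Where-Object { $_.Weak -and $_.Rights -ne 'NONE' }) {
    Write-Warning "Community '$($c.Community)' is a default name with $($c.Rights) access; replace it."
}
if ($managers.Count -eq 0) {
    Write-Warning 'No permitted managers listed: the service accepts SNMP packets from any host.'
} else {
    "Permitted managers: $($managers -join ', ')"
}
```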
Third Party Security Patches:
Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
CVE Information:
CVE-2011-0890
Disclosure Timeline:
Release Date: 2011-03-21
Last Updated: 2011-03-21