|
|
Credit:
The original article can be found at: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02781143
|
|
Vulnerable Systems:
* HP OpenView Storage Data Protector v6.11 running on Windows
* HP OpenView Storage Data Protector v6.11 running on HP-UX
* HP OpenView Storage Data Protector v6.11 running on Linux
* HP OpenView Storage Data Protector v6.11 running on Solaris
* HP OpenView Storage Data Protector v6.10 running on Windows
* HP OpenView Storage Data Protector v6.10 running on HP-UX
* HP OpenView Storage Data Protector v6.10 running on Linux
* HP OpenView Storage Data Protector v6.10 running on Solaris
* HP OpenView Storage Data Protector v6.00 running on Windows
* HP OpenView Storage Data Protector v6.00 running on HP-UX
* HP OpenView Storage Data Protector v6.00 running on Linux
* HP OpenView Storage Data Protector v6.00 running on Solaris
Potential security vulnerabilities has been identified with HP OpenView Storage Data Protector. These vulnerabilities could be remotely exploited to execute arbitrary code.
Patch Availability:
HP has provided the following procedure to resolve these vulnerabilities.
1. Upgrade to Data Protector A.06.20 or subsequent
2. Enable encrypted control communication services
The upgrade is available for download from:
http://hp.com/go/dataprotector
CVE Information:
CVE-2011-0921
CVE-2011-0922
CVE-2011-0923
CVE-2011-0924
Disclosure Timeline:
Version: 1 (rev.1) - 25 April 2011 Initial release
Version: 2 (rev.2) - 27 April 2011 Added procedure and attribution
|
|