Insight Control for Linux Multiple Vulnerabilities

Summary

Remote unauthorized elevation of privilege, execution of arbitrary code, encryption downgrade, information disclosure and Denial of Service (DoS) vulnerabilities were identified in Insight Control for Linux.

Credit:

The original article can be found at: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777


Details

Vulnerable Systems:
 * Insight Control for Linux (IC-Linux) prior to v6.3

Immune Systems:
 * Insight Control for Linux (IC-Linux) v6.3 or subsequent

Potential security vulnerabilities have been identified with Insight Control for Linux (IC-Linux). The vulnerabilities could be exploited remotely to allow unauthorized elevation of privilege, execution of arbitrary code, encryption downgrade, information disclosure, and Denial of Service (DoS).

Patch Availability:
The product kit is available here:
http://h18004.www1.hp.com/products/servers/management/insightcontrol_linux2/index.html

CVE Information:
CVE-2010-3864
CVE-2010-4180
CVE-2011-0014
CVE-2011-0539
CVE-2011-1535

Disclosure Timeline:
Version: 1 (rev.1) 19 April 2011 Initial release

Categories: UNIX