‘Insight Control for Linux Multiple Vulnerabilities’

Published on August 31st, 2011
Summary

Remote unauthorized elevation of privilege, execution of arbitrary code, encryption downgrade, information disclosure and Denial of Service (DoS) vulnerabilities were identified in Insight Control for Linux.’

Credit:

‘The original article can be found at: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777


Details

‘Details:
Vulnerable Systems:
 * Insight Control for Linux (IC-Linux) prior to v6.3

Immune Systems:
 * Insight Control for Linux (IC-Linux) v6.3 or subsequent

Potential security vulnerabilities have been identified with Insight Control for Linux (IC-Linux). The vulnerabilities could be exploited remotely to allow unauthorized elevation of privilege, execution of arbitrary code, encryption downgrade, information disclosure, and Denial of Service (DoS).

Patch Availability:
The product kit is available here:
http://h18004.www1.hp.com/products/servers/management/insightcontrol_linux2/index.html

CVE Information:
CVE-2010-3864
CVE-2010-4180
CVE-2011-0014
CVE-2011-0539
CVE-2011-1535

Disclosure Timeline:
Version:1 (rev.1) 19 April 2011 Initial release’

Categories: UNIX
Tags:

Related Posts

UNIX

‘ProFTPD Response Pool Use-After-Free Code Execution Vulnerability’

'This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the ProFTPd server.'

UNIX

‘HP-UX Running NFS/ONCplus Denial of Service Vulnerability’

'A potential security vulnerability has been identified with NFS/ONCplus running on HP-UX.'

UNIX

‘HP-UX Running BIND Denial of Service Vulnerability 2011’

'A potential security vulnerability has been identified with HP-UX running BIND.'