HP-UX 보호우회

HP-UX 보호우회  

명칭 : HP-UX 보호우회

발령일시 : 4월27일

해당시스템 : HP-UX 11.31

위험도 : ★★★☆☆

최초 보고자 : HPSBUX03001 SSRT101382 rev.1

HPSBUX03001 SSRT101382 rev.1 - HP-UX Whitelisting (WLI), Local System Integrity Risk 

-----BEGIN PGP SIGNED MESSAGE----- 

Hash: SHA1 

Note: the current version of the following document is available here: 

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ 

docDisplay?docId=emr_na-c04227671 

SUPPORT COMMUNICATION - SECURITY BULLETIN 

Document ID: c04227671 

Version: 1 

HPSBUX03001 SSRT101382 rev.1 - HP-UX Whitelisting (WLI), Local System 

Integrity Risk 

NOTICE: The information in this Security Bulletin should be acted upon as 

soon as possible. 

Release Date: 2014-04-14 

Last Updated: 2014-04-14 

Potential Security Impact: Local unauthorized access 

Source: Hewlett-Packard Company, HP Software Security Response Team 

VULNERABILITY SUMMARY 

A potential security vulnerability has been identified with the HP-UX 

Whitelisting (WLI) product. The vulnerability could be exploited locally 

resulting system integrity compromises. 

References: CVE-2013-6219, (SSRT101382) 

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. 

HP-UX version B.11.31 running Whitelisting (WLI) version prior to A.01.02.02 

BACKGROUND 

CVSS 2.0 Base Metrics 

=========================================================== 

Reference              Base Vector             Base Score 

CVE-2013-6219    (AV:L/AC:H/Au:S/C:N/I:C/A:N)       3.8 

=========================================================== 

           Information on CVSS is documented 

          in HP Customer Notice: HPSN-2008-002 

RESOLUTION 

HP has provided the following version to resolve this vulnerability. The 

depot can be retrieved from http://software.hp.com   

HP-UX Release 

Download Depot Filename 

B.11.31 (11i v3) 

HP_UX_Whitelisting_V1.2_for_HP_UX_11i_v3_at_level_B.11.31.0909_or_later_Whit 

eListInf_A.01.02.02_HP-UX_B.11.31_IA.depot or subsequent 

MANUAL ACTIONS: No 

PRODUCT SPECIFIC INFORMATION 

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application 

that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins 

issued by HP and lists recommended actions that may apply to a specific HP-UX 

system. It can also download patches and create a depot automatically. For 

more information see: https://www.hp.com/go/swa 

The following text is for use by the HP-UX Software Assistant. 

AFFECTED VERSIONS 

HP-UX B.11.31 

================== 

WLI-PROD.WLI-DEV 

WLI-PROD.WLI-KRN 

WLI-PROD.WLI-RUN 

action: install A.01.02.02 or subsequent 

END AFFECTED VERSIONS 

HISTORY 

Version:1 (rev.1) - 14 April 2014 Initial release 

Third Party Security Patches: Third party security patches that are to be 

installed on systems running HP software products should be applied in 

accordance with the customer's patch management policy. 

Support: For issues about implementing the recommendations of this Security 

Bulletin, contact normal HP Services support channel.  For other issues about 

the content of this Security Bulletin, send e-mail to security-alert@hp.com. 

Report: To report a potential security vulnerability with any HP supported 

product, send Email to: security-alert@hp.com 

Subscribe: To initiate a subscription to receive future HP Security Bulletin 

alerts via Email: 

http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins   

Security Bulletin Archive: A list of recently released Security Bulletins is 

available here: 

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ 

Software Product Category: The Software Product Category is represented in 

the title by the two characters following HPSB. 

3C = 3COM 

3P = 3rd Party Software 

GN = HP General Software 

HF = HP Hardware and Firmware 

MP = MPE/iX 

MU = Multi-Platform Software 

NS = NonStop Servers 

OV = OpenVMS 

PI = Printing and Imaging 

PV = ProCurve 

ST = Storage Software 

TU = Tru64 UNIX 

UX = HP-UX 

Copyright 2014 Hewlett-Packard Development Company, L.P. 

Hewlett-Packard Company shall not be liable for technical or editorial errors 

or omissions contained herein. The information provided is provided "as is" 

without warranty of any kind. To the extent permitted by law, neither HP or 

its affiliates, subcontractors or suppliers will be liable for 

incidental,special or consequential damages including downtime cost; lost 

profits; damages relating to the procurement of substitute products or 

services; or damages for loss of data, or software restoration. The 

information in this document is subject to change without notice. 

Hewlett-Packard Company and the names of Hewlett-Packard products referenced 

herein are trademarks of Hewlett-Packard Company in the United States and 

other countries. Other product and company names mentioned herein may be 

trademarks of their respective owners. 

-----BEGIN PGP SIGNATURE----- 

Version: GnuPG v1.4.13 (GNU/Linux) 

iEYEARECAAYFAlNMHjoACgkQ4B86/C0qfVmwAACgoA3O92KLPG/K3m2QpAZ0lka6 

kUMAoOVu73isNPPMe5EGjxTdz/HLbJcR 

=BQk8 

-----END PGP SIGNATURE-----