CVE-2006-2937
CVSS 7.8
Published: 2006-09-28 14:07:00
Revised: 2016-10-17 23:40:01

[Original] OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.


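[CNNVD] OpenSSL Denial of Service Vulnerability (CNNVD-200609-523)

        OpenSSL is an open-source SSL implementation used to provide strong encryption for network communications; it is now widely used in a variety of network applications.
        A vulnerability exists in OpenSSL's protocol handling implementation; a remote attacker may exploit it to carry out a denial-of-service attack against a server.
        When parsing certain invalid ASN.1 structures, OpenSSL may fail to handle the error condition correctly, resulting in an infinite loop. By triggering this infinite loop, an attacker may cause a denial of service.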

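- CVSS (Base Score)

CVSS score: 7.8 [HIGH]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Access complexity: [--]
Attack vector: [--]
Authentication: [--]

- CWE (Weakness Category)

CWE-399 [Resource Management Errors]

- CPE (Affected Platforms and Products)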

cpe:/a:openssl:openssl:0.9.7  OpenSSL Project OpenSSL 0.9.7
cpe:/a:openssl:openssl:0.9.8  OpenSSL Project OpenSSL 0.9.8
cpe:/a:openssl:openssl:0.9.7d  OpenSSL Project OpenSSL 0.9.7d
cpe:/a:openssl:openssl:0.9.7e  OpenSSL Project OpenSSL 0.9.7e
cpe:/a:openssl:openssl:0.9.7f  OpenSSL Project OpenSSL 0.9.7f
cpe:/a:openssl:openssl:0.9.7g  OpenSSL Project OpenSSL 0.9.7g
cpe:/a:openssl:openssl:0.9.8a  OpenSSL Project OpenSSL 0.9.8a
cpe:/a:openssl:openssl:0.9.7a  OpenSSL Project OpenSSL 0.9.7a
cpe:/a:openssl:openssl:0.9.8b  OpenSSL Project OpenSSL 0.9.8b
cpe:/a:openssl:openssl:0.9.7b  OpenSSL Project OpenSSL 0.9.7b
cpe:/a:openssl:openssl:0.9.8c  OpenSSL Project OpenSSL 0.9.8c
cpe:/a:openssl:openssl:0.9.7c  OpenSSL Project OpenSSL 0.9.7c
cpe:/a:openssl:openssl:0.9.7h  OpenSSL Project OpenSSL 0.9.7h
cpe:/a:openssl:openssl:0.9.7i  OpenSSL Project OpenSSL 0.9.7i
cpe:/a:openssl:openssl:0.9.7j  OpenSSL Project OpenSSL 0.9.7j
cpe:/a:openssl:openssl:0.9.7k  OpenSSL Project OpenSSL 0.9.7k

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:10560  OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumpti...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2937
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200609-523
(Official data source) CNNVD

- Other Links and Resources

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
(UNKNOWN)  NETBSD  NetBSD-SA2008-007
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
(UNKNOWN)  SGI  20061001-01-P
http://docs.info.apple.com/article.html?artnum=304829
(UNKNOWN)  CONFIRM  http://docs.info.apple.com/article.html?artnum=304829
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
(UNKNOWN)  HP  HPSBMA02250
http://issues.rpath.com/browse/RPL-613
(UNKNOWN)  CONFIRM  http://issues.rpath.com/browse/RPL-613
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
(UNKNOWN)  HP  SSRT061239
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
(UNKNOWN)  HP  SSRT071299
http://kolab.org/security/kolab-vendor-notice-11.txt
(PATCH)  CONFIRM  http://kolab.org/security/kolab-vendor-notice-11.txt
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
(UNKNOWN)  APPLE  APPLE-SA-2006-11-28
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html
(PATCH)  FULLDISC  20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
(UNKNOWN)  MLIST  [security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
http://marc.info/?l=bind-announce&m=116253119512445&w=2
(UNKNOWN)  MLIST  [bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]
http://marc.info/?l=bugtraq&m=130497311408250&w=2
(UNKNOWN)  HP  HPSBOV02683
http://openbsd.org/errata.html#openssl2
(PATCH)  OPENBSD  [3.9] 20061007 013: SECURITY FIX: October 7, 2006
http://openvpn.net/changelog.html
(PATCH)  CONFIRM  http://openvpn.net/changelog.html
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc
(VENDOR_ADVISORY)  FREEBSD  FreeBSD-SA-06:23.openssl
http://security.gentoo.org/glsa/glsa-200610-11.xml
(UNKNOWN)  GENTOO  GLSA-200610-11
http://securitytracker.com/id?1016943
(PATCH)  SECTRACK  1016943
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946
(PATCH)  SLACKWARE  SSA:2006-272-01
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227
(UNKNOWN)  CONFIRM  http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1
(PATCH)  SUNALERT  102668
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1
(UNKNOWN)  SUNALERT  102747
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1
(UNKNOWN)  SUNALERT  200585
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1
(UNKNOWN)  SUNALERT  201534
http://support.attachmate.com/techdocs/2374.html
(UNKNOWN)  CONFIRM  http://support.attachmate.com/techdocs/2374.html
http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm
(PATCH)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf
(VENDOR_ADVISORY)  CONFIRM  http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf
http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf
(UNKNOWN)  CONFIRM  http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
(UNKNOWN)  CISCO  20061108 Multiple Vulnerabilities in OpenSSL Library
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
(UNKNOWN)  CISCO  20061108 Multiple Vulnerabilities in OpenSSL library
http://www.debian.org/security/2006/dsa-1185
(PATCH)  DEBIAN  DSA-1185
http://www.f-secure.com/security/fsc-2006-6.shtml
(UNKNOWN)  CONFIRM  http://www.f-secure.com/security/fsc-2006-6.shtml
http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml
(UNKNOWN)  GENTOO  GLSA-200612-11
http://www.kb.cert.org/vuls/id/247744
(PATCH)  CERT-VN  VU#247744
http://www.mandriva.com/security/advisories?name=MDKSA-2006:172
(UNKNOWN)  MANDRIVA  MDKSA-2006:172
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
(UNKNOWN)  MANDRIVA  MDKSA-2006:177
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
(UNKNOWN)  MANDRIVA  MDKSA-2006:178
http://www.novell.com/linux/security/advisories/2006_24_sr.html
(VENDOR_ADVISORY)  SUSE  SUSE-SR:2006:024
http://www.novell.com/linux/security/advisories/2006_58_openssl.html
(VENDOR_ADVISORY)  SUSE  SUSE-SA:2006:058
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html
(VENDOR_ADVISORY)  OPENPKG  OpenPKG-SA-2006.021
http://www.openssl.org/news/secadv_20060928.txt
(VENDOR_ADVISORY)  CONFIRM  http://www.openssl.org/news/secadv_20060928.txt
http://www.redhat.com/support/errata/RHSA-2006-0695.html
(PATCH)  REDHAT  RHSA-2006:0695
http://www.redhat.com/support/errata/RHSA-2008-0629.html
(UNKNOWN)  REDHAT  RHSA-2008:0629
http://www.securityfocus.com/archive/1/archive/1/447318/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060928 rPSA-2006-0175-1 openssl openssl-scripts
http://www.securityfocus.com/archive/1/archive/1/447393/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060929 rPSA-2006-0175-2 openssl openssl-scripts
http://www.securityfocus.com/archive/1/archive/1/456546/100/200/threaded
(UNKNOWN)  BUGTRAQ  20070110 VMware ESX server security updates
http://www.securityfocus.com/archive/1/archive/1/489739/100/0/threaded
(UNKNOWN)  BUGTRAQ  20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
http://www.securityfocus.com/bid/20248
(PATCH)  BID  20248
http://www.securityfocus.com/bid/28276
(UNKNOWN)  BID  28276
http://www.serv-u.com/releasenotes/
(PATCH)  CONFIRM  http://www.serv-u.com/releasenotes/
http://www.ubuntu.com/usn/usn-353-1
(VENDOR_ADVISORY)  UBUNTU  USN-353-1
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
(UNKNOWN)  CERT  TA06-333A
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
(UNKNOWN)  CONFIRM  http://www.vmware.com/security/advisories/VMSA-2008-0005.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
(UNKNOWN)  CONFIRM  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
(UNKNOWN)  CONFIRM  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
(UNKNOWN)  CONFIRM  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
(UNKNOWN)  CONFIRM  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
(UNKNOWN)  CONFIRM  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
(UNKNOWN)  CONFIRM  http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
(UNKNOWN)  CONFIRM  http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
(UNKNOWN)  CONFIRM  http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
(UNKNOWN)  CONFIRM  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
(UNKNOWN)  CONFIRM  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
(UNKNOWN)  CONFIRM  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
(UNKNOWN)  CONFIRM  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vupen.com/english/advisories/2006/3820
(UNKNOWN)  VUPEN  ADV-2006-3820
http://www.vupen.com/english/advisories/2006/3860
(UNKNOWN)  VUPEN  ADV-2006-3860
http://www.vupen.com/english/advisories/2006/3869
(UNKNOWN)  VUPEN  ADV-2006-3869
http://www.vupen.com/english/advisories/2006/3902
(UNKNOWN)  VUPEN  ADV-2006-3902
http://www.vupen.com/english/advisories/2006/3936
(UNKNOWN)  VUPEN  ADV-2006-3936
http://www.vupen.com/english/advisories/2006/4019
(UNKNOWN)  VUPEN  ADV-2006-4019
http://www.vupen.com/english/advisories/2006/4036
(UNKNOWN)  VUPEN  ADV-2006-4036
http://www.vupen.com/english/advisories/2006/4264
(UNKNOWN)  VUPEN  ADV-2006-4264
http://www.vupen.com/english/advisories/2006/4327
(UNKNOWN)  VUPEN  ADV-2006-4327
http://www.vupen.com/english/advisories/2006/4329
(UNKNOWN)  VUPEN  ADV-2006-4329
http://www.vupen.com/english/advisories/2006/4401
(UNKNOWN)  VUPEN  ADV-2006-4401
http://www.vupen.com/english/advisories/2006/4417
(UNKNOWN)  VUPEN  ADV-2006-4417
http://www.vupen.com/english/advisories/2006/4750
(UNKNOWN)  VUPEN  ADV-2006-4750
http://www.vupen.com/english/advisories/2006/4761
(UNKNOWN)  VUPEN  ADV-2006-4761
http://www.vupen.com/english/advisories/2006/4980
(UNKNOWN)  VUPEN  ADV-2006-4980
http://www.vupen.com/english/advisories/2007/0343
(UNKNOWN)  VUPEN  ADV-2007-0343
http://www.vupen.com/english/advisories/2007/1401
(UNKNOWN)  VUPEN  ADV-2007-1401
http://www.vupen.com/english/advisories/2007/2315
(UNKNOWN)  VUPEN  ADV-2007-2315
http://www.vupen.com/english/advisories/2007/2783
(UNKNOWN)  VUPEN  ADV-2007-2783
http://www.vupen.com/english/advisories/2008/0905/references
(UNKNOWN)  VUPEN  ADV-2008-0905
http://www.vupen.com/english/advisories/2008/2396
(UNKNOWN)  VUPEN  ADV-2008-2396
http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf
(UNKNOWN)  CONFIRM  http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf
http://xforce.iss.net/xforce/xfdb/29228
(PATCH)  XF  openssl-asn1-error-dos(29228)
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
(UNKNOWN)  HP  SSRT061213

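- Vulnerability Information

OpenSSL Denial of Service Vulnerability
High  Resource Management Errors
2006-09-28 00:00:00 2009-02-04 00:00:00
Remote
        OpenSSL is an open-source SSL implementation used to provide strong encryption for network communications; it is now widely used in a variety of network applications.
        A vulnerability exists in OpenSSL's protocol handling implementation; a remote attacker may exploit it to carry out a denial-of-service attack against a server.
        When parsing certain invalid ASN.1 structures, OpenSSL may fail to handle the error condition correctly, resulting in an infinite loop. By triggering this infinite loop, an attacker may cause a denial of service.

- Advisories and Patches

        The vendor has released an upgrade patch to fix this security issue. Patch download link: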
        http://www.debian.org/security/2005/dsa-1185
        

- Vulnerability Information (F101257)

HP Security Bulletin HPSBOV02683 SSRT090208 (PacketStormID:F101257)
2011-05-10 00:00:00
HP  hp.com
advisory,web,denial of service,php,vulnerability
CVE-2002-0839,CVE-2002-0840,CVE-2003-0542,CVE-2004-0492,CVE-2005-2491,CVE-2005-3352,CVE-2005-3357,CVE-2006-2937,CVE-2006-2940,CVE-2006-3738,CVE-2006-3747,CVE-2006-3918,CVE-2006-4339,CVE-2006-4343,CVE-2007-5000,CVE-2007-6388,CVE-2008-0005,CVE-2009-1891,CVE-2009-3095,CVE-2009-3291,CVE-2009-3292,CVE-2009-3293,CVE-2009-3555,CVE-2010-0010

HP Security Bulletin HPSBOV02683 SSRT090208 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. Revision 1 of this advisory.

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02824490
Version: 1

HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2011-05-05
Last Updated: 2011-05-05

Potential Security Impact: Remote Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, unauthorized modification

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications.

References: CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2
CVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8
CVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2
CVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5
CVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3
CVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4
CVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8
CVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8
CVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6
CVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3
CVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3
CVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3
CVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3
CVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3
CVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3
CVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1
CVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5
CVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5
CVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5
CVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5
CVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8
CVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8
===========================================================
             Information on CVSS is documented
            in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve these vulnerabilities.

Kit Name: HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers.
Location: http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html

Kit Name: CSWS_PHP V2.2
Location: http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html

HISTORY
Version:1 (rev.1) - 5 May 2011 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
  To: security-alert@hp.com
  Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
    -check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
    -verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:

GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

Copyright 2011 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

- Vulnerability Information (F64684)

VMware Security Advisory 2008-0005 (PacketStormID:F64684)
2008-03-19 00:00:00
VMware  vmware.com
advisory
CVE-2008-0923,CVE-2008-0923,CVE-2008-1361,CVE-2008-1362,CVE-2007-5269,CVE-2006-2940,CVE-2006-2937,CVE-2006-4343,CVE-2006-4339,CVE-2007-5618,CVE-2008-1364,CVE-2008-1363,CVE-2008-1340

VMware Security Advisory - VMWare has addressed a folder traversal vulnerability, an insecure named pipe vulnerability, libpng, and various other bits and pieces.

-------------------------------------------------------------------
~                   VMware Security Advisory

Advisory ID:       VMSA-2008-0005
Synopsis:          Updated VMware Workstation, VMware Player, VMware
~                   Server, VMware ACE, and VMware Fusion resolve
~                   critical security issues
Issue date:        2008-03-17
Updated on:        2008-03-17 (initial release of advisory)
CVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361
~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940
~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339
~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363
~                   CVE-2008-1340
-------------------------------------------------------------------

1. Summary:

~   Several critical security vulnerabilities have been addressed
~   in the newest releases of VMware's hosted product line.

2. Relevant releases:

~   VMware Workstation 6.0.2 and earlier
~   VMware Workstation 5.5.4 and earlier
~   VMware Player 2.0.2 and earlier
~   VMware Player 1.0.4 and earlier
~   VMware ACE 2.0.2 and earlier
~   VMware ACE 1.0.2 and earlier
~   VMware Server 1.0.4 and earlier
~   VMware Fusion 1.1 and earlier

3. Problem description:

~ a.  Host to guest shared folder (HGFS) traversal vulnerability

~     On Windows hosts, if you have configured a VMware host to guest
~     shared folder (HGFS), it is possible for a program running in the
~     guest to gain access to the host's file system and create or modify
~     executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to
~      guest shared folders.  No versions of ESX Server, including
~      ESX Server 3i, are affected by this vulnerability.  Because
~      ESX Server is based on a bare-metal hypervisor architecture
~      and not a hosted architecture, and it doesn't include any
~      shared folder abilities.  Fusion and Linux based hosted
~      products are unaffected.

~     VMware would like to thank CORE Security Technologies for
~     working with us on this issue.  This addresses advisory
~     CORE-2007-0930.

~     The Common Vulnerabilities and Exposures project (cve.mitre.org)
~     has assigned the name CVE-2008-0923 to this issue.

~     Hosted products
~     ---------------
~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)
~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)
~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)
~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)

~ b.  Insecure named pipes

~     An internal security audit determined that a malicious Windows
~     user could attain and exploit LocalSystem privileges by causing
~     the authd process to connect to a named pipe that is opened and
~     controlled by the malicious user.

~     The same internal security audit determined that a malicious
~     Windows user could exploit an insecurely created named pipe
~     object to escalate privileges or create a denial of service
~     attack.  In this situation, the malicious user could
~     successfully impersonate authd and attain privileges under
~     which Authd is executing.

~     The Common Vulnerabilities and Exposures project (cve.mitre.org)
~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these
~     issues.

~     Windows Hosted products
~     ---------------
~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)
~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)
~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)
~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)
~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)

~ c.  Updated libpng library to version 1.2.22 to address various
~     security vulnerabilities

~     Several flaws were discovered in the way libpng handled various PNG
~     image chunks. An attacker could create a carefully crafted PNG
~     image file in such a way that it could cause an application linked
~     with libpng to crash when the file was manipulated.

~     The Common Vulnerabilities and Exposures project (cve.mitre.org)
~     has assigned the name CVE-2007-5269 to this issue.

~     Hosted products
~     ---------------
~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)
~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)
~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)
~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)
~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)

~     NOTE: Fusion is not affected by this issue.

~ d.  Updated OpenSSL library to address various security vulnerabilities

~     Updated OpenSSL fixes several security flaws that were discovered
~     in previous versions of OpenSSL.

~     The Common Vulnerabilities and Exposures project (cve.mitre.org)
~     assigned the following names to these issues: CVE-2006-2940,
~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

~     Hosted products
~     ---------------
~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)
~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)
~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)
~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)
~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)

~     NOTE: Fusion is not affected by this issue.

~ e.  VIX API default setting changed to a more secure default value

~     Workstation 6.0.2 allowed anonymous console access to the guest by
~     means of the VIX API. This release, Workstation 6.0.3, disables
~     this feature. This means that the Eclipse Integrated Virtual
~     Debugger and the Visual Studio Integrated Virtual Debugger will now
~     prompt for user account credentials to access a guest.

~     Hosted products
~     ---------------
~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)
~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)

~ f.  Windows 2000 based hosted products privilege escalation
~     vulnerability

~     This release addresses a potential privilege escalation on
~     Windows 2000 hosted products.  Certain services may be improperly
~     registered and present a security vulnerability to Windows 2000
~     machines.

~     VMware would like to thank Ray Hicken for reporting this issue and
~     David Maciejak for originally pointing out these types of
~     vulnerabilities.

~     The Common Vulnerabilities and Exposures project (cve.mitre.org)
~     assigned the name CVE-2007-5618 to this issue.

~     Windows versions of Hosted products
~     ---------------
~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)
~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)
~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)
~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)
~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)

~     NOTE: Fusion and Linux based products are not affected by this
~           issue.

~ g.  DHCP denial of service vulnerability

~     A potential denial of service issue affects DHCP service running
~     on the host.

~     VMware would like to thank Martin O'Neal for reporting this issue.

~     The Common Vulnerabilities and Exposures project (cve.mitre.org)
~     assigned the name CVE-2008-1364 to this issue.

~     Hosted products
~     ---------------
~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)
~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)
~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)
~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)

~     NOTE: This issue doesn't affect the latest versions of VMware
~           Workstation 6, VMware Player 2, and ACE 2 products.

~ h.  Local Privilege Escalation on Windows based platforms by
~     Hijacking VMware VMX configuration file

~     VMware uses a configuration file named "config.ini" which
~     is located in the application data directory of all users.
~     By manipulating this file, a user could gain elevated
~     privileges by hijacking the VMware VMX process.

~     VMware would like to thank Sun Bing for reporting the issue.

~     The Common Vulnerabilities and Exposures project (cve.mitre.org)
~     assigned the name CVE-2008-1363 to this issue.

~     Windows based Hosted products
~     ---------------
~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)
~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)
~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)
~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)
~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)

~ i.  Virtual Machine Communication Interface (VMCI) memory corruption
~     resulting in denial of service

~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,
~     and VMware ACE 2.0.  It is an experimental, optional feature and
~     it may be possible to crash the host system by making specially
~     crafted calls to the VMCI interface.  This may result in denial
~     of service via memory exhaustion and memory corruption.

~     VMware would like to thank Andrew Honig of the Department of
~     Defense for reporting this issue.

~     The Common Vulnerabilities and Exposures project (cve.mitre.org)
~     assigned the name CVE-2008-1340 to this issue.

~     Hosted products
~     ---------------
~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)
~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)

4. Solution:

Please review the Patch notes for your product and version and verify
the md5sum of your downloaded file.

~  VMware Workstation 6.0.3
~  ------------------------
~  http://www.vmware.com/download/ws/
~  Release notes:
~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
~  Windows binary
~  md5sum:  323f054957066fae07735160b73b91e5
~  RPM Installation file for 32-bit Linux
~  md5sum:  c44183ad11082f05593359efd220944e
~  tar Installation file for 32-bit Linux
~  md5sum:  57601f238106cb12c1dea303ad1b4820
~  RPM Installation file for 64-bit Linux
~  md5sum:  e9ba644be4e39556724fa2901c5e94e9
~  tar Installation file for 64-bit Linux
~  md5sum:  d8d423a76f99a94f598077d41685e9a9

~  VMware Workstation 5.5.5
~  ------------------------
~  http://www.vmware.com/download/ws/ws5.html
~  Release notes:
~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
~  Windows binary
~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3
~  Compressed Tar archive for 32-bit Linux
~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb
~  Linux RPM version for 32-bit Linux
~  md5sum:  c222b6db934deb9c1bb79b16b25a3202

~  VMware Server 1.0.5
~  -------------------
~  http://www.vmware.com/download/server/
~  Release notes:
~  http://www.vmware.com/support/server/doc/releasenotes_server.html
~  VMware Server for Windows 32-bit and 64-bit
~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc
~  VMware Server Windows client package
~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21
~  VMware Server for Linux
~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e
~  VMware Server for Linux rpm
~  md5sum:  fc3b81ed18b53eda943a992971e9f84a
~  Management Interface
~  md5sum:  dd10d25895d9994bd27ca896152f48ef
~  VMware Server Linux client package
~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8

~  VMware ACE 2.0.3 and 1.0.5
~  --------------------------
~  http://www.vmware.com/download/ace/
~  Windows Release notes:
~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

~  VMware Fusion 1.1.1
~  -------------------
~  http://www.vmware.com/download/fusion/
~  Release notes:
~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html
~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0

~  VMware Player 2.0.3 and 1.0.6
~  ----------------------
~  http://www.vmware.com/download/player/
~  Release notes Player 1.x:
~  http://www.vmware.com/support/player/doc/releasenotes_player.html
~  Release notes Player 2.0
~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html
~  2.0.3 Windows binary
~  md5sum:  0c5009d3b569687ae139e13d24c868d3
~  VMware Player 2.0.3 for Linux (.rpm)
~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2
~  VMware Player 2.0.3 for Linux (.tar)
~  md5sum:  2305fcff49bef6e4ad83742412eac978
~  VMware Player 2.0.3 - 64-bit (.rpm)
~  md5sum:  cf945b571c4d96146ede010286fdfca5
~  VMware Player 2.0.3 - 64-bit (.tar)
~  md5sum:  f99c5b293eb87c5f918ad24111565b9f
~  1.0.6 Windows binary
~  md5sum:  895081406c4de5361a1700ec0473e49c
~  Player 1.0.6 for Linux (.rpm)
~  md5sum:  8adb23799dd2014be0b6d77243c76942
~  Player 1.0.6 for Linux (.tar)
~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f

5. References:

~   CVE numbers
~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923
~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361
~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362
~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618
~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364
~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363
~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340

- -------------------------------------------------------------------
6. Contact:

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~  * security-announce@lists.vmware.com
~  * bugtraq@securityfocus.com
~  * full-disclosure@lists.grok.org.uk

E-mail:  security@vmware.com

Security web site
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc.  All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv
Cv8MnL2bYPyDfYQ3f4IUL+w=
=tFXS
-----END PGP SIGNATURE-----
    

- Vulnerability information (F58346)

HP Security Bulletin 2006-12.75 (PacketStormID:F58346)
2007-08-08 00:00:00
Hewlett Packard  hp.com
advisory,vulnerability
CVE-2006-2937,CVE-2006-2940,CVE-2006-3738,CVE-2006-3747,CVE-2006-4339,CVE-2006-4343

HP Security Bulletin - Potential security vulnerabilities have been identified HP System Management


SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01118771
Version: 1

HPSBMA02250 SSRT061275 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Execution of Arbitrary Code and Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-08-01
Last Updated: 2007-08-01


Potential Security Impact: Remote execution of arbitrary code and Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in HP System Management Homepage (SMH) for Linux and Windows. These vulnerabilities could be exploited remotely resulting in the execution of arbitrary code or a Denial of Service (DoS).

References: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-4339, CVE-2006-4343

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

BACKGROUND


RESOLUTION
HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. 
A more recent version is available: System Management Homepage (SMH) version 2.1.8 

HP System Management Homepage for Linux (x86) version 2.1.8-177 can be downloaded from 
http://h18023.www1.hp.com/support/files/server/us/download/26864.html 

HP System Management Homepage for Linux (AMD64/EM64T) version 2.1.8-177 can be downloaded from 
http://h18023.www1.hp.com/support/files/server/us/download/26866.html 

HP System Management Homepage for Windows version 2.1.8-179 can be downloaded from 
http://h18023.www1.hp.com/support/files/server/us/download/26977.html 

PRODUCT SPECIFIC INFORMATION 

HISTORY: 
Version:1 (rev.1) - 1 August 2007 Initial Release 

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. 

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com 
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. 
To get the security-alert PGP key, please send an e-mail message as follows:
  To: security-alert@hp.com 
  Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: 
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC 
On the web page: ITRC security bulletins and patch sign-up 
Under Step1: your ITRC security bulletins and patches 
  - check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems 
  - verify your operating system selections are checked and save.


To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php 
Log in on the web page: Subscriber's choice for Business: sign-in. 
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.


To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do 


* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: 

GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux 
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
 

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.


"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    

- Vulnerability information (F56053)

HP Security Bulletin 2007-13.4 (PacketStormID:F56053)
2007-04-19 00:00:00
Hewlett Packard  hp.com
advisory,remote,denial of service,arbitrary,vulnerability
unix
CVE-2006-4339,CVE-2006-2937,CVE-2006-2940,CVE-2006-3738,CVE-2007-0493,CVE-2007-0494

HP Security Bulletin - Potential security vulnerabilities have been identified on the Secure Sockets Layer (SSL) and BIND running on the HP Tru64 UNIX Operating System that may allow a remote attacker to execute arbitrary code or cause a Denial of Service (DoS).


SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00967144
Version: 1

HPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-04-12
Last Updated: 2007-04-12

Potential Security Impact: Remote unauthenticated arbitrary code execution or Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified on the Secure Sockets Layer (SSL) and BIND running on the HP Tru64 UNIX Operating System that may allow a remote attacker to execute arbitrary code or cause a Denial of Service (DoS). 

References: VU#547300, VU#386964, CAN-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 (SSL) 
VU#697164, VU#915404, CVE-2007-0493, CVE-2007-0494 (BIND) 

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
The following supported software versions are affected: 
HP Tru64 UNIX v 5.1B-4 (SSL and BIND) 
HP Tru64 UNIX v 5.1B-3 (SSL and BIND) 
HP Tru64 UNIX v 5.1A PK6 (BIND) 
HP Tru64 UNIX v 4.0G PK4 (BIND) 
HP Tru64 UNIX v 4.0F PK8 (BIND) 
Internet Express (IX) v 6.6 BIND (BIND) 
HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) 

BACKGROUND

RESOLUTION

HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

The fixes contained in the ERP kits will be available in the following mainstream releases:
 -Targeted for availability in HP Tru64 UNIX v 5.1B-5 
 -Internet Express (IX) v 6.7 
 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) 

HP Tru64 UNIX Version 5.1B-4 ERP Kit 
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 
Name: T64KIT1001167-V51BB27-ES-20070321
MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd
 
HP Tru64 UNIX Version 5.1B-3 ERP Kit 
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 
Name: T64KIT1001163-V51BB26-ES-20070315
MD5 Checksum: d376d403176f0dbe7badd4df4e91c126
 
HP Tru64 UNIX Version 5.1A PK6 ERP Kit 
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 
Name: T64KIT1001160-V51AB24-ES-20070314
MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7
 
HP Tru64 UNIX Version 4.0G PK4 ERP Kit 
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 
Name: T64KIT1001166-V40GB22-ES-20070316
MD5 Checksum: a446c39169b769c4a03c654844d5ac45
 
HP Tru64 UNIX Version 4.0F PK8 ERP Kit 
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 
Name: DUXKIT1001165-V40FB22-ES-20070316
MD5 Checksum: 718148c87a913536b32a47af4c36b04e
 
HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) 
Location: http://h30097.www3.hp.com/cma/patches.html 
Name: CPQIM360.SSL.01.tar.gz
MD5 Checksum: 1001a10ab642461c87540826dfe28652
 
Internet Express (IX) v 6.6 BIND 
Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.
 


PRODUCT SPECIFIC INFORMATION 

The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:
 -OpenSSL 0.9.8d 
 -BIND 9.2.8 built with OpenSSL 0.9.8d 

Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4.

HISTORY 
Version:1 (rev.1) - 12 April 2007 Initial release 


    

- Vulnerability information (F53990)

HP Security Bulletin 2007-12.99 (PacketStormID:F53990)
2007-01-27 00:00:00
Hewlett Packard  hp.com
advisory,denial of service,arbitrary,vulnerability
hpux
CVE-2006-2940,CVE-2006-2937,CVE-2006-3738,CVE-2006-4343,CVE-2006-4339,CVE-2005-2969

HP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.


SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540
Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17
Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

References: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4:
HP-UX B.11.00
HP-UX B.11.11
===========
hpuxwsAPACHE
action: install revision A.2.0.58.01 or subsequent
restart Apache
URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6:
HP-UX B.11.11
===========
hpuxwsAPACHE,revision=B.1.0.00.01
hpuxwsAPACHE,revision=B.1.0.07.01
hpuxwsAPACHE,revision=B.1.0.08.01
hpuxwsAPACHE,revision=B.1.0.09.01
hpuxwsAPACHE,revision=B.1.0.10.01
hpuxwsAPACHE,revision=B.2.0.48.00
hpuxwsAPACHE,revision=B.2.0.49.00
hpuxwsAPACHE,revision=B.2.0.50.00
hpuxwsAPACHE,revision=B.2.0.51.00
hpuxwsAPACHE,revision=B.2.0.52.00
hpuxwsAPACHE,revision=B.2.0.53.00
hpuxwsAPACHE,revision=B.2.0.54.00
hpuxwsAPACHE,revision=B.2.0.55.00
hpuxwsAPACHE,revision=B.2.0.56.00
hpuxwsAPACHE,revision=B.2.0.58.00
action: install revision B.2.0.58.01 or subsequent
restart Apache
URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23
===========
hpuxwsAPACHE
action: install revision B.2.0.58.01 or subsequent
restart Apache
URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue.
Software updates for the Apache-based Web Server are available from:
http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation
 -----------------------------
To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system.
For example, the results of the command swlist -l product | grep -i apache
hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache
 -------------
Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time.
After determining which Apache is installed, stop Apache with the following commands:
for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache
 --------------------------
Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
Verify successful download by comparing the cksum with the value specified on the installation web page.
Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation
 ---------------------------
The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables.
%ls /etc/rc.config.d | \
grep apache
hpapache2conf
hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions
Install the revision of the product.

PRODUCT SPECIFIC INFORMATION
HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system.
For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

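The "Check for Apache Installation" step of bulletin HPSBUX02186 above, as an added shell example (not HP's code): it reads swlist -l product output and flags any hpuxwsAPACHE revision below the fixed 2.0.58.01. The sample listing is constructed, and the three-column layout (product, revision, description) is assumed from the bulletin's own example line.

```shell
#!/bin/sh
# Added example: flag hpuxwsAPACHE revisions older than the fixed revision
# named in HPSBUX02186 (A.2.0.58.01 or B.2.0.58.01, depending on the build).

# Numeric part shared by both fixed revisions.
FIXED_REV="2.0.58.01"

# Constructed sample of `swlist -l product` output (not from a real host).
# Assumed layout: product name, revision, free-text description.
SAMPLE_SWLIST='# constructed sample listing
  hpuxwsAPACHE    B.2.0.55.00   HP-UX Apache-based Web Server
  hpuxwsAPACHE    B.1.0.08.01   HP-UX Apache-based Web Server
  hpuxwsAPACHE    B.2.0.58.01   HP-UX Apache-based Web Server
  ExampleProduct  A.01.00       constructed non-Apache entry'

# rev_lt A B: succeed if dotted revision A is lower than B.
# awk compares each field as a number, so zero-padded fields such as
# "08" and "09" are not misread as octal (as shell arithmetic would).
rev_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1   # equal revisions are not "lower"
    }' </dev/null
}

# check_apache_rev: read `swlist -l product` output on stdin and print one
# line per hpuxwsAPACHE entry: "<revision> VULNERABLE|OK|UNKNOWN".
# Returns 1 if any entry is vulnerable or cannot be parsed, else 0.
check_apache_rev() {
    worst=0
    while read -r product revision _desc; do
        [ "$product" = "hpuxwsAPACHE" ] || continue
        case "$revision" in
            [AB].*) numeric=${revision#?.} ;;   # drop the "A." / "B." prefix
            *) echo "$revision UNKNOWN"; worst=1; continue ;;
        esac
        if rev_lt "$numeric" "$FIXED_REV"; then
            echo "$revision VULNERABLE"
            worst=1
        else
            echo "$revision OK"
        fi
    done
    return $worst
}

# Demo on the constructed sample. On a real host the input would be:
#   swlist -l product | check_apache_rev
printf '%s\n' "$SAMPLE_SWLIST" | check_apache_rev || true
```

A non-zero return means at least one installed revision still needs the update or removal steps the bulletin describes.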

    

- Vulnerability information (F53566)

VMware Security Advisory 2007-0001 (PacketStormID:F53566)
2007-01-13 00:00:00
VMware  vmware.com
advisory
CVE-2006-3589,CVE-2006-2937,CVE-2006-2940,CVE-2006-3738,CVE-2006-4339,CVE-2006-4343,CVE-2006-4980

VMware Security Advisory - The VMware ESX server has new patches released that address a slew of security issues.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2007-0001
Synopsis:          VMware ESX server security updates
Issue date:        2007-01-08
Updated on:        2007-01-08
CVE:               CVE-2006-3589 CVE-2006-2937 CVE-2006-2940
                   CVE-2006-3738 CVE-2006-4339 CVE-2006-4343
                   CVE-2006-4980
- -------------------------------------------------------------------

1. Summary:

Updated ESX Patches address several security issues.

2. Relevant releases:

VMware ESX 3.0.1 without patch ESX-9986131
VMware ESX 3.0.0 without patch ESX-3069097

VMware ESX 2.5.4 prior to upgrade patch 3
VMware ESX 2.5.3 prior to upgrade patch 6
VMware ESX 2.1.3 prior to upgrade patch 4
VMware ESX 2.0.2 prior to upgrade patch 4

3. Problem description:

Problems addressed by these patches:

a. Incorrect permissions on SSL key files generated by vmware-config
(CVE-2006-3589):

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

    A possible security issue with the configuration program
    vmware-config which could set incorrect permissions on SSL key
    files. Local users may be able to obtain access to the SSL key
    files. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) assigned the name CVE-2006-3589 to this issue.

b. OpenSSL library vulnerabilities:

    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
    allows remote attackers to cause a denial of service (infinite
    loop and memory consumption) via malformed ASN.1 structures that
    trigger an improperly handled error condition.

    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
    and earlier versions allows attackers to cause a denial of service
    (CPU consumption) via parasitic public keys with large (1) "public
    exponent" or (2) "public modulus" values in X.509 certificates that
    require extra time to process when using RSA signature verification.

    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
    padding before generating a hash, which allows remote attackers to
    forge a PKCS #1 v1.5 signature that is signed by that RSA key and
    prevents OpenSSL from correctly verifying X.509 and other
    certificates that use PKCS #1.

    (CVE-2006-4343) The get_server_hello function in the SSLv2 client
    code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and
    earlier versions allows remote servers to cause a denial of service
    (client crash) via unknown vectors that trigger a null pointer
    dereference.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,
    CVE-2006-4339, and CVE-2006-4343 to these issues.

c. Updated OpenSSH package addresses the following possible security issues:

    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by Patch ESX-3069097
    ESX 2.5.4: does not have these problems
    ESX 2.5.3: does not have these problems
    ESX 2.1.3: does not have these problems
    ESX 2.0.2: does not have these problems

    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
    other versions, when using privilege separation, does not properly
    signal the non-privileged process when a session has been terminated
    after exceeding the LoginGraceTime setting, which leaves the
    connection open and allows remote attackers to cause a denial of
    service (connection consumption).

    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
    arbitrary commands via filenames that contain shell metacharacters
    or spaces, which are expanded twice.

    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
    access by numeric IP addresses and with VerifyReverseMapping
    disabled, allows remote attackers to bypass "from=" and "user@host"
    address restrictions by connecting to a host from a system whose
    reverse DNS hostname contains the numeric IP address.

    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
    SSH protocol, allows remote attackers to cause a denial of service
    (CPU consumption) via an SSH packet that contains duplicate blocks,
    which is not properly handled by the CRC compensation attack
    detector.

    NOTE: ESX by default disables version 1 SSH protocol.

    (CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4
    allows remote attackers to cause a denial of service (crash), and
    possibly execute arbitrary code if GSSAPI authentication is enabled,
    via unspecified vectors that lead to a double-free.

    NOTE: ESX doesn't use GSSAPI by default.

    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
    Separation Monitor in OpenSSH before 4.5 causes weaker verification
    that authentication has been successful, which might allow attackers
    to bypass authentication.

    NOTE: as of 20061108, it is believed that this issue is only
    exploitable by leveraging vulnerabilities in the unprivileged
    process, which are not known to exist.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,
    CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues.

d. Object reuse problems with newly created virtual disk (.vmdk or .dsk)
files:

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

    A possible security issue with virtual disk (.vmdk or .dsk) files
    that are newly created, but contain blocks from recently deleted
    virtual disk files.  Information belonging to the previously
    deleted virtual disk files could be revealed in newly created
    virtual disk files.

    VMware recommends the following workaround: When creating new
    virtual machines on an ESX Server that may contain sensitive
    data, use vmkfstools with the -W option. This initializes the
    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w.

e. Buffer overflow in Python function repr():

    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by ESX-3069097
    ESX 2.5.4: does not have this problem
    ESX 2.5.3: does not have this problem
    ESX 2.1.3: does not have this problem
    ESX 2.0.2: does not have this problem

    A possible security issue with how the Python repr() function
    handles UTF-32/UCS-4 strings. Python applications using this
    function can open a security vulnerability that could allow the
    execution of arbitrary code.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the name CVE-2006-4980 to this issue.

4. Solution:

Please review the Patch notes for your version of ESX and verify the md5sum.

  ESX 3.0.1
  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
  md5sum: 239375e107fd4c7af57663f023863fcb

  ESX 3.0.0
  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
  md5sum: ca9947239fffda708f2c94f519df33dc

  ESX 2.5.4
  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
  md5sum: 239375e107fd4c7af57663f023863fcb

  ESX 2.5.3
  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
  md5sum: f90fcab28362edbf2311f3ca90cc7739

  ESX 2.1.3
  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

  ESX 2.0.2
  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
  md5sum: 925e70f28d17714c53fdbd24de64329f


5. References:

ESX 3.0.0 Patch URL:
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
Knowledge base URL:  http://kb.vmware.com/kb/3069097

ESX 3.0.1 Patch URL:
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
Knowledge base URL:  http://kb.vmware.com/kb/9986131

ESX 2.5.4 Patch URL:
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ESX 2.5.3 Patch URL:
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

ESX 2.1.3 Patch URL:
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

ESX 2.0.2 Patch URL:
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

6. Contact:

http://www.vmware.com/security

VMware Security Response Policy
http://www.vmware.com/vmtn/technology/security/security_response.html

E-mail:  security@vmware.com

Copyright 2007 VMware Inc. All rights reserved.


- Vulnerability information

29260
OpenSSL Malformed ASN.1 Structure Resource Consumption DoS
Remote / Network Access Denial of Service
Loss of Availability
Vendor Verified

- Vulnerability description

OpenSSL contains a flaw that may allow a remote denial of service. The issue is triggered due to an error in processing malformed ASN.1 structures which may lead to infinite loop and consumption of memory, and will result in loss of availability for the service.

- Timeline

2006-09-28 Unknown
Unknown Unknown

- Solution

Upgrade to version 0.9.7l, 0.9.8d or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- References

- Vulnerability author

- Vulnerability information

OpenSSL ASN.1 Structures Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 20248
Yes No
2006-09-28 12:00:00 2011-05-09 07:53:00
Dr. S. N. Henson of the OpenSSL core team and Open Network Security is credited with the discovery of this vulnerability. He created the test suite that uncovered this issue.

- Affected software versions

Xerox WorkCentre Pro 275
Xerox WorkCentre Pro 265
Xerox WorkCentre Pro 255
Xerox WorkCentre Pro 245
Xerox WorkCentre Pro 238
Xerox WorkCentre Pro 232
Xerox WorkCentre 7665 0
Xerox WorkCentre 7655 0
Xerox WorkCentre 275
Xerox WorkCentre 265
Xerox WorkCentre 255
Xerox WorkCentre 245
Xerox WorkCentre 238
Xerox WorkCentre 232
VMWare Workstation 6.0.2
VMWare Workstation 6.0.1
VMWare Workstation 6.0
VMWare Workstation 5.5.5
VMWare Workstation 5.5.4 build 44386
VMWare Workstation 5.5.4
VMWare Workstation 5.5.3 build 42958
VMWare Workstation 5.5.3 build 34685
VMWare Server 1.0.4
VMWare Server 1.0.3
VMWare Server 1.0.2
VMWare Player 2.0.2
VMWare Player 2.0.1
VMWare Player 2.0
VMWare Player 1.0.5
VMWare Player 1.0.4
VMWare Player 1.0.3
VMWare Player 1.0.2
VMWare ESX Server 3.0.1
VMWare ESX Server 3.0
VMWare ESX Server 2.5.4
VMWare ESX Server 2.5.3
VMWare ESX Server 2.1.3
VMWare ESX Server 2.0.2
VMWare ACE 2.0
VMWare ACE 1.0
Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Turbolinux Turbolinux Server 10.0 x86
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux FUJI
Turbolinux Turbolinux 10 F...
TurboLinux Personal
TurboLinux Multimedia
Turbolinux Home
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Turbolinux Appliance Server 2.0
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
Trustix Operating System Enterprise Server 2.0
Tevfik Karagulle cwRsync 2.0.9
SuSE SUSE Linux Enterprise Server 9
SuSE SUSE Linux Enterprise Server 8
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise Desktop 10
Sun Solaris 9_x86
Sun Solaris 9_sparc
Sun Solaris 10_x86
Sun Grid Engine 5.3 x86
Sun Grid Engine 5.3 Sun Linux
Sun Grid Engine 5.3 64-bit SPARC
Sun Grid Engine 5.3 32-bit SPARC
Sun Grid Engine 6.0 Update7_1
Sun Grid Engine 6.0 Update7
Sun Grid Engine 6.0 Update6
Sun Grid Engine 6.0 Update5
Sun Grid Engine 6.0 Update4
Sun Grid Engine 6.0 Update3
Sun Grid Engine 6.0 Update2
Sun Grid Engine 6.0 Update1
Sun Grid Engine 6.0
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux -current
SGI ProPack 3.0 SP6
Serv-U FTP Server 6.3.3 0
Serv-U FTP Server 6.0 1
Serv-U FTP Server 6.0 0
Serv-U FTP Server 6.2.0.1
Serv-U FTP Server 6.1.0.5
Serv-U FTP Server 6.1.0.4
Serv-U FTP Server 6.1.0.1
Serv-U FTP Server 6.1.0.0
Secure Computing SnapGear SG710 0
Secure Computing SnapGear SG580 0
Secure Computing SnapGear SG565 0
Secure Computing SnapGear SG560 0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 0
S.u.S.E. Novell Linux POS 9
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Desktop 1.0
rPath rPath Linux 1
RedHat Red Hat Network Satellite (for RHEL 4) 5.1
RedHat Network Satellite (for RHEL 4) 4.2
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1 IA64
RedHat Enterprise Linux AS 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Red Hat Network Satellite Server 5.0
Red Hat Red Hat Network Satellite Server 4.2
Red Hat Network Satellite (for RHEL 3) 4.2
ProZIlla ProZilla Download Accelarator 1.4 .0
ProZIlla ProZilla Download Accelarator 1.3.2
ProZIlla ProZilla Download Accelarator 1.2.1
OpenVPN OpenVPN 2.0.8
OpenVPN OpenVPN 2.0.7
OpenVPN OpenVPN 2.0.6
OpenVPN OpenVPN 2.0.5
OpenVPN OpenVPN 2.0.4
OpenVPN OpenVPN 2.0.3
OpenVPN OpenVPN 2.0.2
OpenVPN OpenVPN 2.0.1
OpenVPN OpenVPN 2.0 beta11
OpenVPN OpenVPN 2.0
OpenVPN OpenVPN 1.6 .0
OpenVPN OpenVPN 1.5 .0
OpenVPN OpenVPN 1.4.3
OpenVPN OpenVPN 1.4.2
OpenVPN OpenVPN 1.4.1
OpenSSL Project OpenSSL 0.9.8 c
OpenSSL Project OpenSSL 0.9.8 b
OpenSSL Project OpenSSL 0.9.8 a
OpenSSL Project OpenSSL 0.9.8
OpenSSL Project OpenSSL 0.9.7 k
OpenSSL Project OpenSSL 0.9.7 j
OpenSSL Project OpenSSL 0.9.7 i
OpenSSL Project OpenSSL 0.9.7 h
OpenSSL Project OpenSSL 0.9.7 g
OpenSSL Project OpenSSL 0.9.7 f
OpenSSL Project OpenSSL 0.9.7 e
OpenSSL Project OpenSSL 0.9.7 d
OpenSSL Project OpenSSL 0.9.7 c
OpenSSL Project OpenSSL 0.9.7 beta3
OpenSSL Project OpenSSL 0.9.7 beta2
OpenSSL Project OpenSSL 0.9.7 beta1
OpenSSL Project OpenSSL 0.9.7 b
OpenSSL Project OpenSSL 0.9.7 a
+ Conectiva Linux 9.0
+ OpenPKG OpenPKG Current
OpenSSL Project OpenSSL 0.9.7
OpenSSL Project OpenSSL 0.9.6 h
OpenSSL Project OpenSSL 0.9.6 b-36.8
OpenPKG OpenPKG 2.5
OpenPKG OpenPKG 2.4
OpenPKG OpenPKG 2.3
OpenPKG OpenPKG 2.2
OpenPKG OpenPKG 2.1
OpenPKG OpenPKG 2.0
OpenPKG OpenPKG Current
OpenBSD OpenBSD 3.9
OpenBSD OpenBSD 3.8
NetBSD NetBSD 3.0.2
NetBSD NetBSD 3.0.1
NetBSD NetBSD 3.1
Navision Financials Server 3.0
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Linux Mandrake 2006.0 x86_64
MandrakeSoft Linux Mandrake 2006.0
MandrakeSoft Linux Mandrake 2007.0 x86_64
MandrakeSoft Linux Mandrake 2007.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
Kolab Kolab Groupware Server 2.0.3
Kolab Kolab Groupware Server 2.0.2
Kolab Kolab Groupware Server 2.0.1
ISC BIND 9.4 b2
ISC BIND 9.4 b1
ISC BIND 9.4 a6
ISC BIND 9.4 a5
ISC BIND 9.4 a4
ISC BIND 9.4 a3
ISC BIND 9.4 a2
ISC BIND 9.4 a1
ISC BIND 9.3.3 rc2
ISC BIND 9.3.3 rc1
ISC BIND 9.3.3 b1
ISC BIND 9.3.3 b
ISC BIND 9.3.2 -P1
ISC BIND 9.3.2
ISC BIND 9.3.1
ISC BIND 9.3
ISC BIND 9.2.7 rc2
ISC BIND 9.2.7 rc1
ISC BIND 9.2.7 b1
ISC BIND 9.2.6 -P1
ISC BIND 9.2.6
ISC BIND 9.2.5
ISC BIND 9.2.4
ISC BIND 9.2.3
ISC BIND 9.2.2
ISC BIND 9.2.1
ISC BIND 9.2
ISC BIND 9.1.3
ISC BIND 9.1.2
+ Conectiva Linux 7.0
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
ISC BIND 9.1.1
ISC BIND 9.1
+ Caldera OpenUnix 8.0
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
ISC BIND 9.0.1
ISC BIND 9.0
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
IPCop IPCop 1.4.12
IPCop IPCop 1.4.11
IPCop IPCop 1.4.10
Ingate SIParator 4.5.1
Ingate SIParator 4.4.1
Ingate SIParator 4.3.4
Ingate SIParator 4.3.3
Ingate SIParator 4.3.2
Ingate SIParator 4.3.1
Ingate SIParator 4.3
Ingate SIParator 4.2.3
Ingate SIParator 4.2.2
Ingate SIParator 4.2.1
Ingate SIParator 3.3.1
Ingate SIParator 3.2.1
Ingate SIParator 3.2
Ingate SIParator 4.4
Ingate Firewall 4.4
Ingate Firewall 4.5.1
Ingate Firewall 4.4.1
Ingate Firewall 4.3.4
Ingate Firewall 4.3.3
Ingate Firewall 4.3.2
Ingate Firewall 4.3.1
Ingate Firewall 4.3
Ingate Firewall 4.2 .3
Ingate Firewall 4.2 .2
Ingate Firewall 4.2 .1
Ingate Firewall 4.1.3
Ingate Firewall 3.3.1
Ingate Firewall 3.2.1
Ingate Firewall 3.2
IBM Hardware Management Console (HMC) for pSeries 5.0 R1.0
IBM Hardware Management Console (HMC) for pSeries 4.0 R5.0
IBM Hardware Management Console (HMC) for pSeries 4.0 R4.0
IBM Hardware Management Console (HMC) for pSeries 4.0 R3.3
IBM Hardware Management Console (HMC) for pSeries 4.0 R3.2
IBM Hardware Management Console (HMC) for pSeries 4.0 R3.1
IBM Hardware Management Console (HMC) for pSeries 4.0 R2.1
IBM Hardware Management Console (HMC) for pSeries 4.0 R2.0
IBM Hardware Management Console (HMC) for pSeries 3.3.7
IBM Hardware Management Console (HMC) for pSeries 3.3.2
IBM Hardware Management Console (HMC) for pSeries 3.0 R3.6
IBM Hardware Management Console (HMC) for pSeries 4
IBM Hardware Management Console (HMC) for pSeries 3
IBM Hardware Management Console (HMC) for iSeries 5.0 R1.0
IBM Hardware Management Console (HMC) for iSeries 4.0 R5.0
IBM Hardware Management Console (HMC) for iSeries 4.0 R4.0
IBM Hardware Management Console (HMC) for iSeries 4.0 R3.3
IBM Hardware Management Console (HMC) for iSeries 4.0 R3.2
IBM Hardware Management Console (HMC) for iSeries 4.0 R3.1
IBM Hardware Management Console (HMC) for iSeries 4.0 R2.1
IBM Hardware Management Console (HMC) for iSeries 4.0 R2.0
IBM Hardware Management Console (HMC) for iSeries 4.0
IBM Hardware Management Console (HMC) for iSeries 3.3.7
IBM Hardware Management Console (HMC) for iSeries 3.3.2
IBM Hardware Management Console (HMC) for iSeries 3.0 R3.6
IBM Hardware Management Console (HMC) 5.2.1
IBM Hardware Management Console (HMC) 3.3.7
HP Tru64 5.1 B-4
HP Tru64 5.1 B-3
HP System Management Homepage 2.1.6
HP System Management Homepage 2.1.5
HP System Management Homepage 2.1.4
HP System Management Homepage 2.1.3 .132
HP System Management Homepage 2.1.3
HP System Management Homepage 2.1.2
HP System Management Homepage 2.1.1
HP System Management Homepage 2.1
HP System Management Homepage 2.0.2
HP System Management Homepage 2.0.1
HP System Management Homepage 2.0
HP OpenVMS Secure Web Server 1.2
HP OpenVMS Secure Web Server 1.1 -1
HP OpenVMS Secure Web Server 2.1-1
HP Insight Management Agents for Tru64 UNIX 3.5.2
HP HP-UX B.11.31
HP HP-UX B.11.23
HP HP-UX B.11.11
HP HP-UX B.11.00
Gentoo Linux
FreeBSD FreeBSD 6.0 -STABLE
FreeBSD FreeBSD 6.0 -RELEASE
FreeBSD FreeBSD 5.5 -STABLE
FreeBSD FreeBSD 5.5 -RELEASE
FreeBSD FreeBSD 5.4 -RELENG
FreeBSD FreeBSD 5.4 -RELEASE
FreeBSD FreeBSD 5.4 -PRERELEASE
FreeBSD FreeBSD 5.3 -STABLE
FreeBSD FreeBSD 5.3 -RELENG
FreeBSD FreeBSD 5.3 -RELEASE
FreeBSD FreeBSD 5.3
FreeBSD FreeBSD 4.11 -STABLE
FreeBSD FreeBSD 4.11 -RELENG
FreeBSD FreeBSD 4.11 -RELEASE-p3
FreeBSD FreeBSD 4.11 -RELEASE-p20
FreeBSD FreeBSD 4.11 -RELEASE
FreeBSD FreeBSD 6.1 -STABLE
FreeBSD FreeBSD 6.1 -RELEASE
FreeBSD FreeBSD 5.4-STABLE
FileZilla FileZilla Server 0.9.17
FileZilla FileZilla Server 0.9.16 b
FileZilla FileZilla Server 0.9.9
FileZilla FileZilla Server 0.9.8 c
FileZilla FileZilla Server 0.9.8 b
FileZilla FileZilla Server 0.9.8 a
FileZilla FileZilla Server 0.9.8
FileZilla FileZilla Server 0.7.1
FileZilla FileZilla Server 0.7
FileZilla FileZilla Server 0.9.6
FileZilla FileZilla Server 0.9.5
FileZilla FileZilla Server 0.9.4e
FileZilla FileZilla Server 0.9.4d
FileZilla FileZilla Server 0.9.3
FileZilla FileZilla Server 0.9.2
FileZilla FileZilla Server 0.9.1b
FileZilla FileZilla Server 0.9.0
FileZilla FileZilla Server 0.8.9
FileZilla FileZilla Server 0.8.8
FileZilla FileZilla Server 0.8.7
FileZilla FileZilla Server 0.8.6a
FileZilla FileZilla Server 0.8.5
FileZilla FileZilla Server 0.8.4
FileZilla FileZilla Server 0.8.3
FileZilla FileZilla Server 0.8.2
FileZilla FileZilla Server 0.8.1
FileZilla FileZilla 2.2.22
FileZilla FileZilla 2.2.15
F-Secure Internet Gatekeeper 6.42
F-Secure Internet Gatekeeper 6.41
F-Secure Internet Gatekeeper 6.40 0
F-Secure Internet Gatekeeper 6.60
F-Secure Internet Gatekeeper 6.50
F-Secure Anti-Virus for MS Exchange 6.40
F-Secure Anti-Virus for MS Exchange 6.60
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Cisco Works Common Services (CWCS) 3.0
Cisco Works Common Services (CWCS) 2.2
Cisco Wireless Control System Software 4.0
Cisco Wireless Control System Software 3.2
Cisco Wide Area File Services (WAFS) 0
Cisco Wide Area Application Services (WAAS) 0
Cisco Unified Presence Server 1.0(2)
Cisco Unified Presence Server 1.0
Cisco SIP Proxy Server
Cisco Security Mars 4.2.2
Cisco Security Agent 5.0 .193
Cisco Security Agent 4.5.1 .657
Cisco Security Agent 4.5.1 .639
Cisco Security Agent 4.5.1
Cisco Security Agent 4.5
Cisco Security Agent 4.0.3 .728
Cisco Security Agent 4.0.3
Cisco Security Agent 4.0.2
Cisco Security Agent 4.0.1
Cisco Security Agent 4.0
Cisco Security Agent 2.1
Cisco Security Agent 5.1
Cisco Security Agent 5.0
Cisco Security Agent 3.x
Cisco Secure Access Control Server
Cisco ONS 15454SDH 4.6 (1)
Cisco ONS 15454SDH 4.6 (0)
Cisco ONS 15454SDH 4.5
Cisco ONS 15454SDH 4.1 (3)
Cisco ONS 15454SDH 4.1 (2)
Cisco ONS 15454SDH 4.1 (1)
Cisco ONS 15454SDH 4.1 (0)
Cisco ONS 15454SDH 4.0 (2)
Cisco ONS 15454SDH 4.0 (1)
Cisco ONS 15454SDH 4.0 (0)
Cisco ONS 15454SDH 4.0
Cisco ONS 15454SDH 3.4
Cisco ONS 15454SDH 3.3
Cisco ONS 15454SDH 3.2
Cisco ONS 15454SDH 3.1
Cisco ONS 15454SDH 2.3 (5)
Cisco ONS 15454E Optical Transport Platform 0
Cisco ONS 15454 Optical Transport Platform 4.14
Cisco ONS 15454 Optical Transport Platform 4.6 (1)
Cisco ONS 15454 Optical Transport Platform 4.6 (0)
Cisco ONS 15454 Optical Transport Platform 4.5
Cisco ONS 15454 Optical Transport Platform 4.1 (3)
Cisco ONS 15454 Optical Transport Platform 4.1 (2)
Cisco ONS 15454 Optical Transport Platform 4.1 (1)
Cisco ONS 15454 Optical Transport Platform 4.1 (0)
Cisco ONS 15454 Optical Transport Platform 4.1
Cisco ONS 15454 Optical Transport Platform 4.0 (2)
Cisco ONS 15454 Optical Transport Platform 4.0 (1)
Cisco ONS 15454 Optical Transport Platform 4.0
Cisco ONS 15454 Optical Transport Platform 3.4
Cisco ONS 15454 Optical Transport Platform 3.3
Cisco ONS 15454 Optical Transport Platform 3.2 .0
Cisco ONS 15454 Optical Transport Platform 3.1 .0
Cisco ONS 15454 Optical Transport Platform 3.0
Cisco ONS 15454 Optical Transport Platform 2.3 (5)
Cisco ONS 15454 MSTP 0
Cisco ONS 15454 MSPP 0
Cisco ONS 15454 IOS-Based Blades
Cisco MDS 9500 0
Cisco IDS 0
Cisco GSS 4492 Global Site Selector 0
Cisco GSS 4491 Global Site Selector 0
Cisco GSS 4490 Global Site Selector 0
Cisco GSS 4480 Global Site Selector
Cisco CSS11500 Content Services Switch 7.30 (00.09)S
Cisco CSS11500 Content Services Switch 7.30 (00.08)S
Cisco CSS11500 Content Services Switch 7.20 (03.10)S
Cisco CSS11500 Content Services Switch 7.20 (03.09)S
Cisco CSS11500 Content Services Switch 7.10 (05.07)S
Cisco CSS11500 Content Services Switch 7.5
Cisco CSS11500 Content Services Switch 7.4
Cisco CSS11500 Content Services Switch
Cisco CiscoWorks Common Services 2.2
Cisco CiscoWorks Common Management Foundation 2.2
Cisco CiscoWorks Common Management Foundation 2.1
Cisco CiscoWorks Common Management Foundation 2.0
Cisco CiscoWorks Common Management Foundation 0
Cisco Call Manager 4.1 (3)SR2
Cisco Call Manager 4.1 (3)SR1
Cisco Call Manager 4.1 (3)ES32
Cisco Call Manager 4.1 (3)ES24
Cisco Call Manager 4.1 (3)ES07
Cisco Call Manager 4.1 (2)ES55
Cisco Call Manager 4.1 (2)ES50
Cisco Call Manager 4.1 (2)ES33
Cisco Call Manager 4.0 (2a)SR2c
Cisco Call Manager 4.0 (2a)SR2b
Cisco Call Manager 4.0 (2a)ES62
Cisco Call Manager 4.0 (2a)ES56
Cisco Call Manager 4.0 (2a)ES40
Cisco Call Manager 4.0
Cisco Call Manager 5.1
Cisco Call Manager 4.3(1)
Cisco Call Manager 4.2(3)
Cisco Call Manager 4.1(3)SR4
Cisco Application Control Engine (ACE) Module 0
Cisco Application & Content Networking Software (ACNS)
Cisco Application & Content Networking Software
Cisco Access Registrar
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8710 CM 3.1
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8700 CM 3.1
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8500 CM 3.1
Avaya S8500 0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya S8300 CM 3.1
Avaya Predictive Dialing System (PDS) 11.0
Avaya Predictive Dialing System (PDS) 11.11
Avaya Predictive Dialer 0
Avaya Messaging Storage Server MM3.0
Avaya Messaging Storage Server 2.0
Avaya Messaging Storage Server 1.0
Avaya Messaging Storage Server
Avaya Message Networking
Avaya Intuity LX
Avaya Converged Communications Server 2.0
Attachmate Reflection for Secure IT 7.0
Arkoon SSL360 2.0/2
Arkoon SSL360 1.0
Arkoon Fast360 4.0/4
Arkoon Fast360 4.0/3
Arkoon Fast360 4.0/2
Arkoon Fast360 4.0/1
Arkoon Fast360 4.0
Arkoon Fast360 3.0/31
Arkoon AMC 1.0/5
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X Server 10.3.9
Apple Mac OS X Server 10.3.8
Apple Mac OS X Server 10.3.7
Apple Mac OS X Server 10.3.6
Apple Mac OS X Server 10.3.5
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.3.3
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.3
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apple Mac OS X 10.3.9
Apple Mac OS X 10.3.8
Apple Mac OS X 10.3.7
Apple Mac OS X 10.3.6
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.4
Apple Mac OS X 10.3.3
Apple Mac OS X 10.3.2
Apple Mac OS X 10.3.1
Apple Mac OS X 10.3

- Unaffected software versions

VMWare Workstation 6.0.3 Build 80004
VMWare Workstation 6.0.3
VMWare Workstation 5.5.6 Build 80404
VMWare Server 1.0.5 Build 80187
VMWare Player 2.0.3 Build 80004
VMWare Player 1.0.6 Build 80404
VMWare ACE 2.0.3
VMWare ACE 1.0.5
Tevfik Karagulle cwRsync 2.0.10
Serv-U FTP Server 6.3.3.1
Secure Computing SnapGear 3.1.4 u2
OpenVPN OpenVPN 2.0.9
OpenSSL Project OpenSSL 0.9.8 d
OpenSSL Project OpenSSL 0.9.7 l
ISC BIND 9.4 b3
ISC BIND 9.3.3 rc3
ISC BIND 9.3.2 -P2
ISC BIND 9.2.7 rc3
ISC BIND 9.2.6 -P2
IPCop IPCop 1.4.13
Ingate SIParator 4.5.2
Ingate Firewall 4.5.2
HP System Management Homepage 2.1.9
HP System Management Homepage 2.1.8
HP System Management Homepage 2.1.7
HP OpenVMS Secure Web Server 2.2
FileZilla FileZilla Server 0.9.19
FileZilla FileZilla 2.2.28
F-Secure Anti-Virus for MS Exchange 6.61
Cisco Security Agent 5.1 .79
Cisco Security Agent 5.0.0.201
Cisco Security Agent 4.5.1.659
Cisco Secure ACS 4.1(1) build 23
Attachmate Reflection for Secure IT 7.0 SP1
Arkoon SSL360 2.0/3
Arkoon Fast360 4.0/5
Arkoon Fast360 3.0/32
Arkoon AMC 1.0/6

- Discussion

OpenSSL is prone to a denial-of-service vulnerability.

An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users.

- Exploit

An attacker may exploit this vulnerability by using the ASN.1 test suite. Symantec is not aware if this package is publicly available.

- Solution

The vendor has addressed this issue in OpenSSL 0.9.8d and 0.9.7l.

Please see the references for more information.

Cisco has released security response document 71992 to address this issue.


Turbolinux Turbolinux 10 F...

Secure Computing SnapGear SG560 0

Xerox WorkCentre Pro 245

Xerox WorkCentre 265

Xerox WorkCentre Pro 238

Secure Computing SnapGear SG565 0

Xerox WorkCentre Pro 255

FileZilla FileZilla Server 0.7.1

OpenSSL Project OpenSSL 0.9.7 beta1

OpenSSL Project OpenSSL 0.9.7 a

OpenSSL Project OpenSSL 0.9.7 e

OpenSSL Project OpenSSL 0.9.7 g

OpenSSL Project OpenSSL 0.9.7 f

FileZilla FileZilla Server 0.9.8 b

OpenSSL Project OpenSSL 0.9.8 c

OpenVPN OpenVPN 1.4.3

OpenVPN OpenVPN 2.0.4

HP System Management Homepage 2.1

HP System Management Homepage 2.1.3 .132

HP System Management Homepage 2.1.5

Trustix Secure Linux 3.0

ISC BIND 9.4 a1

- References

 

 
