-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03153338
Version: 1

HPSBST02735 SSRT100516 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2012-01-13
Last Updated: 2012-01-13

Potential Security Impact: Remote execution of arbitrary code

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP StorageWorks Modular Smart Array P2000 G3. This vulnerability could be exploited to allow remote execution of arbitrary code.

References: CVE-2011-4788, ZDI-12-015

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP StorageWorks Modular Smart Array P2000 G3 - all release firmware revisions before TS230P008.

Hardware or Software Platforms Affected

BV913A HP P2000 G3 FC MSA DC w/12 300GB 6G SAS 10K SFF HDD 3.6TB Bundle
BV914A HP P2000 G3 FC MSA DC w/12 600GB 6G SAS 10K SFF HDD 7.2TB Bundle
BV901A HP P2000 G3 FC MSA DC w/24 146GB 6G SAS 15K SFF HDD 3.5TB Bundle
BV902A HP P2000 G3 FC MSA DC w/24 300GB 6G SAS 10K SFF HDD 7.2TB Bundle
BV903A HP P2000 G3 FC MSA DC w/24 600GB 6G SAS 10K SFF HDD 14.4TB Bundle
BV915A HP P2000 G3 FC/iSCSI MSA DC w/12 300GB 6G SAS 10K SFF HDD 3.6TB
BV916A HP P2000 G3 FC/iSCSI MSA DC w/12 600GB 6G SAS 10K SFF HDD 7.2TB Bundle
BV904A HP P2000 G3 FC/iSCSI MSA DC w/24 146GB 6G SAS 15K SFF HDD 3.5TB Bundle
BV905A HP P2000 G3 FC/iSCSI MSA DC w/24 300GB 6G SAS 10K SFF HDD 7.2TB Bundle
BV906A HP P2000 G3 FC/iSCSI MSA DC w/24 600GB 6G SAS 10K SFF HDD 14.4TB Bundle
BV917A HP P2000 G3 SAS MSA DC w/12 300GB 6G SAS 10K SFF HDD 3.6TB Bundle
BV918A HP P2000 G3 SAS MSA DC w/12 600GB 6G SAS 10K SFF HDD 7.2TB Bundle
BV907A HP P2000 G3 SAS MSA DC w/24 146GB 6G SAS 15K SFF HDD 3.5TB Bundle
BV908A HP P2000 G3 SAS MSA DC w/24 300GB 6G SAS 10K SFF HDD 7.2TB Bundle
BV909A HP P2000 G3 SAS MSA DC w/24 600GB 6G SAS 10K SFF HDD 14.4TB Bundle
BV919A HP P2000 G3 iSCSI MSA DC w/12 300GB 6G SAS 10K SFF HDD 3.6TB Bundle
BV920A HP P2000 G3 iSCSI MSA DC w/12 600GB 6G SAS 10K SFF HDD 7.2TB Bundle
BV910A HP P2000 G3 iSCSI MSA DC w/24 146GB 6G SAS 15K SFF HDD 3.5TB Bundle
BV911A HP P2000 G3 iSCSI MSA DC w/24 300GB 6G SAS 10K SFF HDD 7.2TB Bundle
BV912A HP P2000 G3 iSCSI MSA DC w/24 600GB 6G SAS 10K SFF HDD 14.4TB Bundle
AW596A HP StorageWorks P2000 G3 10GbE iSCSI MSA Dual Controller LFF Array System
AW597A HP StorageWorks P2000 G3 10GbE iSCSI MSA Dual Controller SFF Array System
AP847A HP StorageWorks P2000 G3 FC MSA Dual Controller Small Business SAN Starter Kit
AP848A HP StorageWorks P2000 G3 FC MSA Dual Controller Virtualization SAN Starter Kit
BK816A HP StorageWorks P2000 G3 FC/iSCSI w/24 300GB 6G SAS 10K SFF DP 7.2K 7.2TB Bundle
BK746SB HP StorageWorks P2000 G3 MSA FC Dual Controller LFF Array Starter Kit/S-Buy
AP845A HP StorageWorks P2000 G3 MSA FC Dual Controller LFF Modular Smart Array System
BK747SB HP StorageWorks P2000 G3 MSA FC Dual Controller SFF Array Starter Kit/S-Buy
AP846A HP StorageWorks P2000 G3 MSA FC Dual Controller SFF Modular Smart Array System
AW567A HP StorageWorks P2000 G3 MSA FC/iSCSI Dual Combo Controller LFF Array
AW568A HP StorageWorks P2000 G3 MSA FC/iSCSI Dual Combo Controller SFF Array
BK748SB HP StorageWorks P2000 G3 MSA FC/iSCSI Dual Combo LFF Array Starter Kit/S-Buy
BK749SB HP StorageWorks P2000 G3 MSA FC/iSCSI Dual Combo SFF Array Starter Kit/S-Buy
AW593A HP StorageWorks P2000 G3 SAS MSA Dual Controller LFF Array System
AW594A HP StorageWorks P2000 G3 SAS MSA Dual Controller SFF Array System
BV842A HP StorageWorks P2000 G3 SAS w/24 300GB 6G SAS 10K SFF DP 10K 7.2TB Bundle
BK830A HP StorageWorks P2000 G3 iSCSI MSA Dual Controller LFF Array System
BK831A HP StorageWorks P2000 G3 iSCSI MSA Dual Controller SFF Array System

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2011-4788    (AV:N/AC:L/Au:N/C:C/I:P/A:P)       9.0
===========================================================
             Information on CVSS is documented
            in HP Customer Notice: HPSN-2008-002

RESOLUTION

The vulnerability can be resolved by the following procedure:

Disable the array's HTTP and HTTPS network management services (Note: This will also disable all management access from a Web browser. Array management access may be maintained via Command Line Interface [CLI].) Use the instructions outlined in the Workaround section below to disable the HTTP and HTTPS network management services.

Install TS230P008 firmware as soon as possible. If the HTTP and HTTPS network management services have been previously disabled, the services may be re-enabled as the issue is fully resolved in TS230P008 firmware.

TS230P008 firmware installation and workaround instructions:

Go to http://www.hp.com/support/storage

Under Disk Storage Systems, click P2000/MSA Disk Arrays .

Click HP P2000 G3 MSA Array Systems , then click Download drivers and software .

Select your product and operating system.

Click Firmware - Storage Controller .
In the Description column of the table, click the title of the firmware:

To download the firmware, click Download .

To read the release notes, click the Release Notes tab.

Note: If you have trouble finding your product, drivers, or software, use the Product Search function from http://www.hp.com/support/downloads and enter your product number.

Before running the TS230P008 Smart Component, verify that both the telnet and FTP options are enabled on the array to allow the Smart Component to run successfully.

Workaround

Disable the HTTP/HTTPS service protocols:

Note:

Disabling the HTTP/HTTPS services will disable the Storage Management Utility (SMU), including Web access to manage the system. All management must be performed by CLI telnet. If the system can not be accessed through CLI telnet, upgrade the system to TS230P008 to resolve this issue.

Any scripts requiring HTTP or HTTPS access will no longer function with HTTP or HTTPS disabled.

To disable the HTTP/HTTPS service protocols, enter the following command at the CLI prompt:

# set protocols http disabled https disabled
Success: Command completed successfully.

The HTTP and HTTPS services must be re-enabled to resume SMU access.

To re-enable the HTTP or HTTPS protocols, enter the following command at the CLI prompt:

# set protocols http enabled https enabled
Success: Command completed successfully.

HISTORY
Version:1 (rev.1) - 13 January 2012 Initial Release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel.  For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2012 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk8QhcMACgkQ4B86/C0qfVmK3ACg9HSIAJtR454cfJ+HY1/eqxNt
mOQAniPeyZspiM3sNm3XWqk5NFUVCvAe
=dbUJ
-----END PGP SIGNATURE-----