what you don't know can hurt you

HP Security Bulletin HPSBMU02746 SSRT100781

HP Security Bulletin HPSBMU02746 SSRT100781
Posted Mar 14, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02746 SSRT100781 - Potential security vulnerabilities have been identified with HP Data Protector Express (DPX) 5.0 and 6.0. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
advisories | CVE-2012-0121, CVE-2012-0122, CVE-2012-0123, CVE-2012-0124
MD5 | 545f4c9a4f980e19aa7a824d5318a9b1

HP Security Bulletin HPSBMU02746 SSRT100781

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03229235
Version: 1

HPSBMU02746 SSRT100781 rev.1 - HP Data Protector Express, Remote Denial of Service (DoS), Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2012-03-12
Last Updated: 2012-03-12

------------------------------------------------------------------------------

Potential Security Impact: Remote Denial of Service (DoS), execution of arbitrary code

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Data Protector Express (DPX) 5.0 and 6.0. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code.

References: CVE-2012-0121, ZDI-CAN-1392; CVE-2012-01222, ZDI-CAN-1393; CVE-2012-0123, ZDI-CAN-1498; and CVE-2012-0124

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Data Protector Express (DPX) 5.0.00 prior to build 59287
HP Data Protector Express (DPX) 6.0.00 prior to build 11974

Note: DPX users can identify the build number by clicking on 'Help' and then 'About'.

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2012-0121 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-0122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-0123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-0124 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002

The Hewlett-Packard Company thanks e6af8de8b1d4b2b6d5ba2610cbf9cd38 working with TippingPoint for reporting CVE-2012-0123 to security-alert@hp.com
The Hewlett-Packard Company thanks Aaron Portnoy of TippingPoint for reporting CVE-2012-0121 and CVE-2012-0122 to security-alert@hp.com
The Hewlett-Packard Company thanks Juan Vazquez along with BeyondSecurity.com for reporting CVE-2012-0124 to security-alert@hp.com

RESOLUTION

HP has provided upgrades to resolve these vulnerabilities. For Installations Running Data Protector Express 6.0

Microsoft Windows, Linux (see Compatibility Matrix link below)
Install HP Data Protector Express 6.0.01 build 13958 or later, available here:
http://h20000.www2.hp.com/bizsupport/TechSupport/ProductList.jsp?prodSeriesId=1144272

For Installations Running Data Protector Express 5.0

Microsoft Windows, Linux (see Compatibility Matrix link below)
Install HP Data Protector Express 5.0.01 build 70262 or later, available here:
http://h20000.www2.hp.com/bizsupport/TechSupport/ProductList.jsp?prodSeriesId=1144272

The HP Data Protector Express Compatibility Matrix provides information about the operating systems, applications, and backup devices tested by HP to be compatible with Data Protector Express and Data Protector Express Basic. See http://h18006.www1.hp.com/products/storage/software/datapexp/pdf/DPXMatrix_1109.pdf

Note: For questions about upgrading Data Protector Express, contact HP Services and Support.

HISTORY
Version:1 (rev.1) 12 March 2012 Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk9etOEACgkQ4B86/C0qfVlpSwCfdUeJOCp+RNZiU6ayWyBG3qST
hRwAoKRu/WeO2sMekCxqdaI7IuW9717H
=+Y3r
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    15 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close