Secunia Security Advisory - A vulnerability has been reported in HP Service Manager, which can be exploited by malicious users to bypass certain security restrictions.
fa496af570c2f434b9f9e0ff25607b0ce0f3d1eed4fa438ca298d5becf139d01
----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
HP Service Manager Unspecified Security Bypass Vulnerability
SECUNIA ADVISORY ID:
SA32712
VERIFY ADVISORY:
http://secunia.com/advisories/32712/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass
WHERE:
>From remote
SOFTWARE:
HP Service Manager 7.x
http://secunia.com/advisories/product/20497/
DESCRIPTION:
A vulnerability has been reported in HP Service Manager, which can be
exploited by malicious users to bypass certain security restrictions.
The vulnerability is caused due to an unspecified error and can be
exploited to perform certain actions with extended privileges.
The vulnerability is reported in versions prior to 7.01.71.
SOLUTION:
Install patches.
http://support.openview.hp.com/selfsolve/patches
AIX:
Install HPSM_00019 or subsequent.
HP-UX B.11.23 (IA):
Install HPSM_00020 or subsequent.
HP-UX B.11.23 (PA) and HP-UX B.11.11:
Install HPSM_00021 or subsequent.
Linux:
Install HPSM_00022 or subsequent.
Solaris:
Install HPSM_00023 or subsequent.
Windows
Install HPSM_00024 or subsequent.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
HPSBMA02385 SSRT080161:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01603910
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------