Secunia Security Advisory - Hitachi has acknowledged a security issue in Hitachi JP1/Cm2/Network Node Manager, which can be exploited by malicious, local users to manipulate certain data and potentially gain escalated privileges.
5a50d76623ea018d8c52b0adbf3f8d9656d074b19d9468a5dc552656b96f04fd
----------------------------------------------------------------------
Use WSUS to deploy 3rd party patches
Public BETA
http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/
----------------------------------------------------------------------
TITLE:
Hitachi JP1/Cm2/Network Node Manager Remote Console Insecure File
Permissions
SECUNIA ADVISORY ID:
SA38740
VERIFY ADVISORY:
http://secunia.com/advisories/38740/
DESCRIPTION:
Hitachi has acknowledged a security issue in Hitachi JP1/Cm2/Network
Node Manager, which can be exploited by malicious, local users to
manipulate certain data and potentially gain escalated privileges.
The security issue is caused due to insecure file permissions when
running the Network Node Manager Remote Console, which can be
exploited to replace affected files.
The security issue is reported in the following products and
versions:
* JP1/Cm2/Network Node Manager Enterprise version 06-51 to 06-71
* JP1/Cm2/Network Node Manager 250 version 06-51 to 06-71
* JP1/Cm2/Network Node Manager version 07-00 to 07-10
* JP1/Cm2/Network Node Manager Starter Edition Enterprise version
08-00 to 08-10
* JP1/Cm2/Network Node Manager Starter Edition 250 version 08-00 to
08-10
SOLUTION:
Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-002/index.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------