List: bugtraq
Subject: HPESBHF03744 rev.1 - HPE Intelligent Management Center (iMC) PLAT running OpenSSL, Remote Denial of
From: HPE Product Security Response Team <security-alert () hpe ! com>
Date: 2017-05-22 18:32:32
Message-ID: 5d9c0a2181c947ff87450883b8873723 () G9W8669 ! americas ! hpqcorp ! net
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03744en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03744en_us
Version: 1
HPESBHF03744 rev.1 - HPE Intelligent Management Center (iMC) PLAT running OpenSSL, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-05-12
Last Updated: 2017-05-12
Potential Security Impact: Remote: Denial of Service (DoS)
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities with OpenSSL have been addressed for HPE
Intelligent Management Center (iMC) PLAT. The vulnerabilities could be remotely
exploited resulting in Denial of Service (DoS).
References:
- CVE-2016-7053 - Remote Denial of Service (DoS)
- CVE-2016-7054 - Remote Denial of Service (DoS)
- CVE-2016-7055 - Remote Denial of Service (DoS)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HP Intelligent Management Center (iMC) All versions prior to IMC PLAT 7.3 E0504P04 - Please refer to the RESOLUTION below for a list of impacted products.
BACKGROUND
CVSS Base Metrics
=================
Reference      CVSS V3 Score/Vector                                CVSS V2 Score/Vector
CVE-2016-7053  3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L    4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2016-7054  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L    5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-7055  3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L    2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has made the following software update available to resolve the vulnerability in
the iMC PLAT network products listed.
+ **iMC PLAT - Version: Fixed in IMC PLAT 7.3 E0504P04**
  * HP Network Products
    - JD125A HP IMC Std S/W Platform w/100-node
    - JD126A HP IMC Ent S/W Platform w/100-node
    - JD808A HP IMC Ent Platform w/100-node License
    - JD814A HP A-IMC Enterprise Edition Software DVD Media
    - JD815A HP IMC Std Platform w/100-node License
    - JD816A HP A-IMC Standard Edition Software DVD Media
    - JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
    - JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
    - JF377A HP IMC Std S/W Platform w/100-node Lic
    - JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
    - JF378A HP IMC Ent S/W Platform w/200-node Lic
    - JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
    - JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
    - JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
    - JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
    - JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
    - JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
    - JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
    - JG550AAE HPE PCM+ Mobility Manager to IMC Basic WLAN Platform Upgrade 50-node and 150-AP E-LTU
    - JG590AAE HPE IMC Basic WLAN Manager Software Platform 50 Access Point E-LTU
    - JG660AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU
    - JG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU
    - JG767AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU
    - JG768AAE HPE PCM+ to IMC Standard Software Platform Upgrade with 200-node E-LTU
**Note:** Please contact HPE Technical Support if any assistance is needed acquiring
the software updates.
HISTORY
Version:1 (rev.1) - 11 May 2017 Initial release
Third Party Security Patches: Third party security patches that are to be installed
on systems running Hewlett Packard Enterprise (HPE) software products should be
applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin,
contact normal HPE Services support channel. For other issues about the content of
this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported
product:
Web form: https://www.hpe.com/info/report-security-vulnerability
Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts
via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title
by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or
omissions contained herein. The information provided is provided "as is" without
warranty of any kind. To the extent permitted by law, neither HP nor its affiliates,
subcontractors or suppliers will be liable for incidental, special or consequential
damages including downtime cost; lost profits; damages relating to the procurement of
substitute products or services; or damages for loss of data, or software
restoration. The information in this document is subject to change without notice.
Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products
referenced herein are trademarks of Hewlett Packard Enterprise in the United States
and other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.