List:       bugtraq
Subject:    HPESBHF03744 rev.1 - HPE Intelligent Management Center (iMC) PLAT running OpenSSL, Remote Denial of 
From:       HPE Product Security Response Team <security-alert () hpe ! com>
Date:       2017-05-22 18:32:32
Message-ID: 5d9c0a2181c947ff87450883b8873723 () G9W8669 ! americas ! hpqcorp ! net

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03744en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03744en_us
Version: 1

HPESBHF03744 rev.1 - HPE Intelligent Management Center (iMC) PLAT running OpenSSL,
Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as
possible.

Release Date: 2017-05-12
Last Updated: 2017-05-12

Potential Security Impact: Remote: Denial of Service (DoS)

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities with OpenSSL have been addressed for HPE
Intelligent Management Center (iMC) PLAT. The vulnerabilities could be remotely
exploited resulting in Denial of Service (DoS).

References:

  - CVE-2016-7053 - Remote Denial of Service (DoS)
  - CVE-2016-7054 - Remote Denial of Service (DoS)
  - CVE-2016-7055 - Remote Denial of Service (DoS)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  - HP Intelligent Management Center (iMC) All versions prior to IMC PLAT 7.3
    E0504P04 - Please refer to the RESOLUTION below for a list of impacted products.

BACKGROUND

  CVSS Base Metrics
  =================
  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

    CVE-2016-7053
      3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

    CVE-2016-7054
      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

    CVE-2016-7055
      3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
      2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)

    Information on CVSS is documented in
    HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has made the following software update available to resolve the vulnerability in
the iMC PLAT network products listed.

  + **iMC PLAT - Version: Fixed in IMC PLAT 7.3 E0504P04**
    * HP Network Products
      - JD125A  HP IMC Std S/W Platform w/100-node
      - JD126A  HP IMC Ent S/W Platform w/100-node
      - JD808A  HP IMC Ent Platform w/100-node License
      - JD814A  HP A-IMC Enterprise Edition Software DVD Media
      - JD815A  HP IMC Std Platform w/100-node License
      - JD816A  HP A-IMC Standard Edition Software DVD Media
      - JF288AAE  HP Network Director to Intelligent Management Center Upgrade E-LTU
      - JF289AAE  HP Enterprise Management System to Intelligent Management Center
                  Upgrade E-LTU
      - JF377A  HP IMC Std S/W Platform w/100-node Lic
      - JF377AAE  HP IMC Std S/W Pltfrm w/100-node E-LTU
      - JF378A  HP IMC Ent S/W Platform w/200-node Lic
      - JF378AAE  HP IMC Ent S/W Pltfrm w/200-node E-LTU
      - JG546AAE  HP IMC Basic SW Platform w/50-node E-LTU
      - JG548AAE  HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
      - JG549AAE  HP PCM+ to IMC Std Upgr w/200-node E-LTU
      - JG747AAE  HP IMC Std SW Plat w/ 50 Nodes E-LTU
      - JG748AAE  HP IMC Ent SW Plat w/ 50 Nodes E-LTU
      - JG768AAE  HP PCM+ to IMC Std Upg w/ 200-node E-LTU
      - JG550AAE  HPE PCM+ Mobility Manager to IMC Basic WLAN Platform Upgrade 50-node
                  and 150-AP E-LTU
      - JG590AAE  HPE IMC Basic WLAN Manager Software Platform 50 Access Point E-LTU
      - JG660AAE  HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition
                  E-LTU
      - JG766AAE  HP IMC Smart Connect Virtual Appliance Edition E-LTU
      - JG767AAE  HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition
                  E-LTU
      - JG768AAE  HPE PCM+ to IMC Standard Software Platform Upgrade with 200-node
                  E-LTU



**Note:** Please contact HPE Technical Support if any assistance is needed acquiring
the software updates.

HISTORY
Version:1 (rev.1) - 11 May 2017 Initial release

Third Party Security Patches: Third party security patches that are to be installed
on systems running Hewlett Packard Enterprise (HPE) software products should be
applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin,
contact normal HPE Services support channel. For other issues about the content of
this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported
product:
  Web form: https://www.hpe.com/info/report-security-vulnerability
  Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts
via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title
by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or
omissions contained herein. The information provided is provided "as is" without
warranty of any kind. To the extent permitted by law, neither HP nor its affiliates,
subcontractors or suppliers will be liable for incidental, special or consequential
damages including downtime cost; lost profits; damages relating to the procurement of
substitute products or services; or damages for loss of data, or software
restoration. The information in this document is subject to change without notice.
Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products
referenced herein are trademarks of Hewlett Packard Enterprise in the United States
and other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

