int(829)

Vulnerability Bulletins


Acceso remoto no autorizado en OpenView Select Access

Vulnerability classification

Property Value
Confidence level Oficial
Impact Obtener acceso
Dificulty Experto
Required attacker level Acceso remoto sin cuenta a un servicio estandar

System information

Property Value
Affected manufacturer UNIX
Affected software hp OpenView Select Access 5.0 Patch 4
hp OpenView Select Access 5.1 Patch 1
hp OpenView Select Access 5.2
hp OpenView Select Access 6.0

Description

Se ha descubierto una vulnerabilidad en las versiones 5.0 Patch 4, 5.1 Patch 1, 5.2 y 6.0 de HP OpenView Select Access. La vulnerabilidad reside en la decodificación de la URL cuándo contiene caracteres codificados utilizando Unicode UTF-8 lo que podría permitir a un atacante remoto acceder a recursos a los que normalmente tendría el acceso denegado.

Solution



Actualización de software

HP

hp OpenView Select Access 5.1 Patch 1
hpux
http://support.openview.hp.com/cpe/patches/select_access/SA51/Patch1/SA51_Patch1_setup_hpux.zip
linux
http://support.openview.hp.com/cpe/patches/select_access/SA51/Patch1/SA51_Patch1_setup_linux.zip
solaris
http://support.openview.hp.com/cpe/patches/select_access/SA51/Patch1/SA51_Patch1_setup_solaris.zip
windows
http://support.openview.hp.com/cpe/patches/select_access/SA51/Patch1/SA51_Patch1_setup_win32.exe

hp OpenView Select Access 5.0 Patch 4
hpux
http://support.openview.hp.com/cpe/patches/select_access/SA50/Patch4/SA50_Patch4_setup_hpux.zip
linux
http://support.openview.hp.com/cpe/patches/select_access/SA50/Patch4/SA50_Patch4_setup_linux.zip
solaris
http://support.openview.hp.com/cpe/patches/select_access/SA50/Patch4/SA50_Patch4_setup_solaris.zip
windows
http://support.openview.hp.com/cpe/patches/select_access/SA50/Patch4/SA50_Patch4_setup_win32.exe
http://support.openview.hp.com/cpe/patches/select_access/SA50/Patch4/SA50_Patch4_Solutions.zip
http://support.openview.hp.com/cpe/patches/select_access/SA50/Patch4/SA50_Patch4_Source.zip

hp OpenView Select Access 5.0 Patch 4C
windows
http://support.openview.hp.com/cpe/patches/select_access/SA50/Patch4C/SA50_Eng_Patch_4C.zip

hp OpenView Select Access 5.1 Patch 1Z
windows
http://support.openview.hp.com/cpe/patches/select_access/SA51/Patch1Z/SA51_Eng_Patch_1Z.zip

hp OpenView Select Access 5.2 Patch G
windows
http://support.openview.hp.com/cpe/patches/select_access/SA52/PatchG/SA52_Eng_Patch_G.zip

hp OpenView Select Access 6.0 Patch A
windows
http://support.openview.hp.com/cpe/patches/select_access/SA60/PatchA/SA60_Eng_Patch_A.zip

Standar resources

Property Value
CVE
BID

Other resources

HP SECURITY BULLETIN SSRT4719
http://www5.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA01045

Version history

Version Comments Date
1.0 Aviso emitido 2004-05-25
Ministerio de Defensa
CNI
CCN
CCN-CERT