int(5528)

Boletines de Vulnerabilidades

Ejecución de código en HP Controllers

Clasificación de la vulnerabilidad
Propiedad Valor
Nivel de Confianza Oficial
Impacto Aumento de privilegios
Dificultad Experto
Requerimientos del atacante Acceso fisico

Información sobre el sistema
Propiedad Valor
Fabricante afectado Networking
Software afectado HP ProCurve Access Points 5.1.x a 5.1.9,
Access Controllers 5.2.x a 5.2.7
Mobility Controllers 5.4.x a 5.4.0

Descripción
CVE-2010-3287: Se han descubierto una vulnerabilidad en HP ProCurve Access Points 5.1.x a 5.1.9, Access Controllers 5.2.x a 5.2.7,y Mobility Controllers 5.4.x a 5.4.0. La vulnerabilidad reside en los caminos de búsqueda no confiables.
Un atacante local podría ejecutar código arbitrario mediante métodos no especificados.

Solución


Actualización de software

Hewlett-Packard (HPSBGN02589)
http://www.hp.com/softwarereleases/releases-media2/SUM/How_to_be_a_SUM_customer.htm


Actualización de software

Debian (DSA 2124-1)
Debian Linux 5.0
Source archives:
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-6.dsc
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19.orig.tar.gz
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-6.diff.gz
Architecture independent packages:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.19-6_all.deb
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_alpha.deb
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_amd64.deb
arm architecture (ARM)
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_arm.deb
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_armel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_armel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_armel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_armel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_armel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_armel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_armel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_armel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_armel.deb
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_i386.deb
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_ia64.deb
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_mips.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_mips.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_mips.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_mips.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_mips.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_mips.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_mips.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_mips.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_mips.deb
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_mipsel.deb
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_powerpc.deb
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_s390.deb
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_sparc.deb

Identificadores estándar
Propiedad Valor
CVE CVE-2010-3287
BID

Recursos adicionales
HP SECURITY BULLETIN (HPSBGN02589)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02544568

Histórico de versiones
Versión Comentario Fecha
1.0 Aviso emitido 2010-10-20
1.1 2010-11-05

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT