IBM HMC Multiple Vulnerabilities

Secunia Advisory: SA27961
Release Date: 2007-12-07
Last Update: 2007-12-12
Critical: Highly critical
Impact: Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: IBM Hardware Management Console (HMC)
CVE reference: CVE-2007-5135, CVE-2007-6293, CVE-2007-6305

Description: Some vulnerabilities have been reported in IBM HMC, which can be exploited by malicious, local users to gain escalated privileges and potentially by malicious people to compromise a vulnerable system.

1) Unspecified errors in some HMC commands can be exploited to gain escalated privileges.
2) An Off-By-One error within OpenSSL can potentially be exploited to compromise a vulnerable system.

The vulnerabilities are reported in version 6 release 1.3 and in version 7 release 3.2.0. Prior versions may also be affected.

Solution: Apply patches.
HMC Version 6: Install PTF MH01064.
HMC Version 7: Install PTF MH01065.

Provided and/or discovered by: 1) Reported by the vendor.

Changelog: 2007-12-12: Added CVE reference.

Original Advisory: IBM:
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4037
http://www14.software.ibm.com/webapp/...criptions/pqvcmjd?mode=18&ID=4038

Other References: SA22130:
http://secunia.com/advisories/22130/

Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

11 Related Secunia Security Advisories, displaying 10

1. IBM HMC Apache Multiple Vulnerabilities
2. IBM Hardware Management Console Pegasus CIM Denial of Service
3. IBM HMC Version 3 Privilege Escalation Vulnerabilities
4. IBM HMC OpenSSH / OpenSSL Vulnerabilities
5. IBM HMC Apache2 / OpenSSL Vulnerabilities
6. IBM HMC Apache Buffer Overflow Vulnerability
7. IBM HMC Sendmail and OpenSSH Vulnerabilities
8. IBM HMC OpenSSL Vulnerabilities
9. IBM HMC apache/mod_ssl Vulnerabilities
10. IBM HMC Guided Setup Wizard Vulnerability