ESB-2018.1444 - [Win][Linux][HP-UX][Solaris][AIX] HP Service Manager: Multiple vulnerabilities 2018-05-11



===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1444
          Sweet32 and SQL injection patched in HP Service Manager
                                11 May 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           HP Service Manager
Publisher:         Hewlett-Packard
Operating System:  Solaris
                   Windows
                   Linux variants
                   HP-UX
                   AIX
Impact/Access:     Access Privileged Data          -- Remote/Unauthenticated
                   Execute Arbitrary Code/Commands -- Existing Account      
                   Provide Misleading Information  -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-6494 CVE-2016-6329 CVE-2016-2183

Reference:         ESB-2016.2239.2
                   ESB-2016.2238

Original Bulletin: 
   https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613
   https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158656

Comment: This bulletin contains two (2) Hewlett-Packard security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Title : MFSBGN03805 - HP Service Manager, Remote Disclosure of Information
Document ID : KM03158613
Product - Version:
service manager ;
OS :
Updated : Thu May 10 16:22:07 GMT 2018
Summary :
A potential security vulnerability has been identified in Service Manager. This
vulnerability may allow an attack against a long-duration encrypted session,
known as the Sweet32 attack, which may be exploited remotely.

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03158613

Version: 1

MFSBGN03805 - HP Service Manager, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon
as possible.

Release Date: 2018-05-10

Last Updated: 2018-05-10

 

Potential Security Impact: Remote: Disclosure of Information

Source: Micro Focus, Product Security Response Team

VULNERABILITY SUMMARY

A potential security vulnerability has been identified in Service Manager. This
vulnerability may allow an attack against a long-duration encrypted session,
known as the Sweet32 attack, which may be exploited remotely.

References:

  * CVE-2016-2183
  * CVE-2016-6329
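As an added example, not part of either advisory and not Service Manager code: a Python check, using only the standard ssl module, for the Sweet32 class of cipher suites behind CVE-2016-2183 (64-bit block ciphers such as 3DES). It flags such suites in a cipher list, computes the birthday-bound traffic volume at which a long-lived session becomes collidable, and builds a client context that refuses those suites. The suite names and the sample list are constructed for the example; the bulletin does not say which suites Service Manager negotiates.

```python
import math
import re
import ssl

# Suite-name fragments that identify 64-bit block ciphers (the Sweet32 class) in
# OpenSSL-style names such as "DES-CBC3-SHA", "ECDHE-RSA-DES-CBC3-SHA" or "PSK-3DES-EDE-CBC-SHA".
SIXTY_FOUR_BIT_BLOCK = re.compile(r"(?:^|-)(?:3?DES|IDEA|RC2)(?:-|$)", re.IGNORECASE)

def is_64bit_block_suite(name):
    """True when the suite uses a 64-bit block cipher (3DES, DES, IDEA, RC2)."""
    return SIXTY_FOUR_BIT_BLOCK.search(name) is not None

def audit_ciphers(ciphers):
    """Return the Sweet32-class suite names from a list of names or of the
    dicts that ssl.SSLContext.get_ciphers() returns (key 'name')."""
    names = [c["name"] if isinstance(c, dict) else c for c in ciphers]
    return [n for n in names if is_64bit_block_suite(n)]

def collision_probability(blocks, block_bits=64):
    """Birthday-bound probability that at least two of `blocks` CBC ciphertext
    blocks collide, which is what Sweet32 needs: 1 - exp(-n(n-1) / 2^(b+1))."""
    return 1 - math.exp(-blocks * (blocks - 1) / 2 ** (block_bits + 1))

def bytes_for_collision(prob=0.5, block_bits=64):
    """Bytes sent on one session before a block collision reaches `prob`."""
    blocks = math.sqrt(2 ** (block_bits + 1) * math.log(1 / (1 - prob)))
    return blocks * (block_bits // 8)

def hardened_client_context():
    """Client context that refuses every 64-bit block suite. 'HIGH' leaves out
    DES/IDEA/RC2; '!3DES' drops triple DES by name because OpenSSL only moved
    it out of HIGH in 1.1.0, so older builds would still offer it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers("HIGH:!3DES:!aNULL:!eNULL")
    return ctx

# Constructed sample, shaped like get_ciphers() output, so the audit runs offline.
SAMPLE_CIPHERS = [
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2"},
    {"name": "ECDHE-RSA-DES-CBC3-SHA", "protocol": "TLSv1.2"},
    {"name": "DES-CBC3-SHA", "protocol": "SSLv3"},
    {"name": "IDEA-CBC-SHA", "protocol": "SSLv3"},
    {"name": "DHE-RSA-CHACHA20-POLY1305", "protocol": "TLSv1.2"},
]

if __name__ == "__main__":
    print("64-bit block suites offered:", audit_ciphers(SAMPLE_CIPHERS))
    print("bytes until a 50%% collision chance on a 64-bit block: %.0f" % bytes_for_collision())
    print("hardened context still offers:", audit_ciphers(hardened_client_context().get_ciphers()))
```

On a live deployment the same audit can be run over `get_ciphers()` of the context a client actually uses, or over the suite list reported by a TLS scanner, to confirm a Service Manager endpoint no longer offers 3DES after patching.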

 

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

 

  * HP Service Manager Software - v9.30, v9.31, v9.32, v9.33, v9.34, v9.35,
    v9.40, v9.41, v9.50, v9.51

 

BACKGROUND

For a PGP signed version of this security bulletin please write to: Product
Security Team

CVSS Version 3.0 and Version 2.0 Base Metrics

Reference      V3 Vector                                     V3 Base  V2 Vector                      V2 Base
                                                             Score                                   Score

CVE-2016-2183  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N  7.5      (AV:N/AC:L/Au:N/C:P/I:N/A:N)   5.0

CVE-2016-6329  CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N  5.9      (AV:N/AC:M/Au:N/C:P/I:N/A:N)   4.3

 

 

RESOLUTION

MicroFocus has made the following information available to resolve the
vulnerability for the impacted versions of Service Manager:

For versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35 please upgrade to SM 9.35.P6:

SM9.35 P6 packages:

  * SM 9.35 AIX Server 9.35.6007 p6
    http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00916
  * SM 9.35 HP Itanium Server 9.35.6007 p6
    http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00917
  * SM 9.35 HP Itanium Server for Oracle 12c 9.35.6007 p6
    http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00918
  * SM 9.35 Linux Server 9.35.6007 p6
    http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00919
  * SM 9.35 Solaris Server 9.35.6007 p6
    http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00920
  * SM 9.35 Windows Server 9.35.6007 p6
    http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00921

For versions 9.40, 9.41 please upgrade to SM 9.41.P6:

SM9.41.P6 packages:

  * Service Manager 9.41.6000 p6 - Server for AIX
    http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00891
  * Service Manager 9.41.6000 p6 - Server for HP-UX/IA
    http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00892
  * Service Manager 9.41.6000 p6 - Server for Linux
    http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00893
  * Service Manager 9.41.6000 p6 - Server for Solaris
    http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00894
  * Service Manager 9.41.6000 p6 - Server for Windows
    http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00895

For versions 9.50, 9.51 Server and KM components please upgrade to SM 9.52.P2:

SM9.52.P2 packages:

  * Service Manager 9.52.2021 p2 - Server for Windows
    http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00906
  * Service Manager 9.52.2021 p2 - Server for Linux
    http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00907

For versions 9.50, 9.51 SMSP and SMC components please upgrade to SM 9.52:

SM9.52 packages: Service Manager 9.52, as a minor.minor full (MMF) release (due
to the new SP aggregation SKU for Propel customers), is released on the
following sites instead of SSO:

  * https://h22255.www2.hpe.com/mysoftware/index

HISTORY
Version:1 (rev.1) - 10 May 2018 Initial release

- --------------------------------------------------------------------------------

Title : MFSBGN03807 rev.1 - HP Service Manager Software, Multiple
Vulnerabilities
Document ID : KM03158656
Product - Version:
service manager ;
OS :
Updated : Thu May 10 22:42:34 GMT 2018
Summary :
A potential security vulnerability has been identified in Service Manager. The
vulnerability could be exploited to perform SQL Injection against the Service
Manager Web Tier, which may lead to unauthorized disclosure of data.

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03158656

Version: 1

MFSBGN03807 rev.1 - HP Service Manager Software, SQL Injection

NOTICE: The information in this Security Bulletin should be acted upon as soon
as possible.

Release Date: 2018-05-10

Last Updated: 2018-05-10


Potential Security Impact: Remote: SQL Injection

Source: Micro Focus, Product Security Response Team

VULNERABILITY SUMMARY

A potential security vulnerability has been identified in Service Manager. The
vulnerability could be exploited to perform SQL Injection against the Service
Manager Web Tier, which may lead to unauthorized disclosure of data.

References:

  * CVE-2018-6494 - Remote SQL Injection

 

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

 

  * HP Service Manager Software - v9.30, v9.31, v9.32, v9.33, v9.34, v9.35,
    v9.40, v9.41, v9.50, v9.51

 

BACKGROUND

For a PGP signed version of this security bulletin please write to: Product
Security Team

CVSS Version 3.0 and Version 2.0 Base Metrics

Reference      V3 Vector                                     V3 Base  V2 Vector                      V2 Base
                                                             Score                                   Score

CVE-2018-6494  CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N  6.1      (AV:N/AC:L/Au:S/C:P/I:P/A:N)   5.5

 

 

RESOLUTION

MicroFocus has made the following information available to resolve the
vulnerability for the impacted versions of Service Manager:

For versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35 please upgrade to SM 9.35.P6:

  * SM9.35 P6 package, SM 9.35 Webtier 9.35.6007 p6
    https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00922

For versions 9.40, 9.41 please upgrade to SM 9.41.P6:

  * SM9.41.P6 package, Service Manager 9.41.6000 p6 - Web Tier
    http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00896

For versions 9.50, 9.51 please upgrade to SM 9.52.P2:

  * SM9.52.P2 package, Service Manager 9.52.2021 p2 - Web Tier
    http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00908

HISTORY
Version:1 (rev.1) - 10 May 2018 Initial release

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
