[Info-vax] HP OpenVMS, local Denial of Service - HP Security Bulletin

DTL didier.morandi at gmail.com
Fri Apr 20 02:28:29 EDT 2012 

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03281869
Version: 1

HPSBOV02765 SSRT100828 rev.1 - HP OpenVMS, local Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2012-04-16
Last Updated: 2012-04-16

Potential Security Impact: Local Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP OpenVMS. The vulnerability could be locally exploited to cause a Denial of Service (DoS).

References: CVE-2012-0134

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenVMS running V7.3-2 Alpha, V8.3 Alpha/IA64, V8.3-1h1 IA64, and V8.4 Alpha/IA64.

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2012-0134 (AV:L/AC:L/Au:S/C:N/I:N/A:C) 4.6
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following patch kits available to resolve the vulnerability.

OpenVMS Versions
Kit Name

V7.3-2 Alpha
VMS732_MUP-V0200

V8.3 Alpha
VMS83A_MUP-V0100

V8.3 IA64
VMS83I_MUP-V0100

V8.3-1h1 IA64
VMS831H1I_MUP-V0100

V8.4 Alpha
VMS84A_MUP-V0200

V8.4 IA64
VMS84I_MUP-V0300

HISTORY
Version:1 (rev.1) 16 April 2012 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert (at) hp (dot) com. [email concealed]

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert (at) hp (dot) com [email concealed]

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=
emr_na-c02964430

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2012 Hewlett-Packard Development Company, L.P.

More information about the Info-vax mailing list