SecurityTracker: (HP Issues Fix for OpenView Operations) Java Runtime Environment Applet Class Loader Bug Lets Remote Users Connect to Localhost Sockets

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > HP OpenView

Vendors: HP (Compaq)

(HP Issues Fix for OpenView Operations) Java Runtime Environment Applet Class Loader Bug Lets Remote Users Connect to Localhost Sockets

SecurityTracker Alert ID: 1018945

SecurityTracker URL: http://securitytracker.com/id/1018945

CVE Reference: CVE-2007-3922 (Links to External Site)

Date: Nov 14 2007

Impact: Host/resource access via network

Fix Available: Yes Vendor Confirmed: Yes

Description: A vulnerability was reported in Java Runtime Environment (JRE). A remote user can connect to sockets on the localhost interface. HP OpenView Operations is affected.

A remote user can create a specially crafted Java spplet that, when loaded by the target user, will be able to connect to localhost sockets on the target system.

The vulnerability resides in the JRE Applet Class Loader.

Sun credits John Heasman of NGSSoftware with reporting this vulnerability.

Impact: A remote user can create an applet that, when loaded by the target user, can establish network connections to localhost sockets.

Solution: HP has issued a fix for OpenView Operations, which is affected by this vulnerability.

The following patches are available at:

http://support.openview.hp.com/patches/

OVO 7.1X
HP-UX B.11.11
PHSS_37197 or subsequent

OVO 7.1X
Solaris
ITOSOL_00619 or subsequent

OVO 8.X
HP-UX B.11.11
PHSS_37183 or subsequent

OVO 8.X
HP-UX B.11.23 (PA)
PHSS_37183 or subsequent

OVO 8.X
HP-UX B.11.23 (IA)
PHSS_37182 or subsequent

OVO 8.X
HP-UX B.11.31
PHSS_37182 or subsequent

OVO 8.X
Solaris
ITOSOL_00618 or subsequent

The HP advisory is available at:

https://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c01269450

Cause: Access control error

Underlying OS: UNIX (HP/UX), UNIX (Solaris - SunOS)

Message History: This archive entry is a follow-up to the message listed below.

Java Runtime Environment Applet Class Loader Bug Lets Remote Users Connect to Localhost Sockets

Source Message Contents

Date: Wed, 14 Nov 2007 14:15:31 -0500
Subject: HPSBMA02288 SSRT071465 rev.1 - HP OpenView Operations (OVO) Running on HP-UX and Solaris, Remote Unauthorized Access, Denial of Service (DoS)



https://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c01269450

CVE-2007-3922, CVE-2007-3698

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC