(HP Issues Fix for OpenView Operations) Java Secure Socket Extension (JSSE) SSL/TLS Handshake Bug Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1018946 |
|
SecurityTracker URL: http://securitytracker.com/id/1018946
|
|
CVE Reference:
CVE-2007-3698
(Links to External Site)
|
Date: Nov 14 2007
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in Java Secure Socket Extension (JSSE). A remote user can cause denial of service conditions. HP OpenView Operations is affected.
JSSE does not properly process SSL/TLS handshake requests. A remote user can send a specially crafted request to cause the target system to crash.
Sun credits Cisco Systems with reporting this vulnerability.
|
Impact:
A remote user can cause the target system to crash.
|
Solution:
HP has issued a fix for OpenView Operations, which is affected by this vulnerability.
The following patches are available at:
http://support.openview.hp.com/patches/
OVO 7.1X
HP-UX B.11.11
PHSS_37197 or subsequent
OVO 7.1X
Solaris
ITOSOL_00619 or subsequent
OVO 8.X
HP-UX B.11.11
PHSS_37183 or subsequent
OVO 8.X
HP-UX B.11.23 (PA)
PHSS_37183 or subsequent
OVO 8.X
HP-UX B.11.23 (IA)
PHSS_37182 or subsequent
OVO 8.X
HP-UX B.11.31
PHSS_37182 or subsequent
OVO 8.X
Solaris
ITOSOL_00618 or subsequent
The HP advisory is available at:
https://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c01269450
|
Cause:
Exception handling error
|
Underlying OS:
UNIX (HP/UX), UNIX (Solaris - SunOS)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 14 Nov 2007 14:15:31 -0500
Subject: HPSBMA02288 SSRT071465 rev.1 - HP OpenView Operations (OVO) Running on HP-UX and Solaris, Remote Unauthorized Access, Denial of Service (DoS)
|
https://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c01269450
CVE-2007-3922, CVE-2007-3698
|
|
