(HP Issues Fix for OpenView) Java Runtime Environment Applet Class Loader Bug Lets Remote Users Connect to Localhost Sockets
|
SecurityTracker Alert ID: 1021757
|
SecurityTracker URL: http://securitytracker.com/id/1021757
|
CVE Reference: CVE-2007-3922
|
Date: Feb 25 2009
|
Impact:
Host/resource access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 7.01, 7.51, 7.53
|
Description:
A vulnerability was reported in Java Runtime Environment (JRE). A remote user can connect to sockets on the localhost interface. HP OpenView Network Node Manager is affected.
A remote user can create a specially crafted Java applet that, when loaded by the target user, will be able to connect to localhost sockets on the target system.
The vulnerability resides in the JRE Applet Class Loader.
Sun credits John Heasman of NGSSoftware with reporting this vulnerability.
|
Impact:
A remote user can create an applet that, when loaded by the target user, can establish network connections to localhost sockets.
|
Solution:
HP has issued a fix for HP OpenView Network Node Manager, which is affected by this vulnerability.
The HP advisory is available at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01601492
|
Vendor URL: h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01601492
|
Cause:
Access control error
|
Underlying OS:
Linux (Any), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any)
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Tue, 24 Feb 2009 19:24:07 -0500
Subject: HPSBMA02384 SSRT071465 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Unauthorized Access, Denial of Service (DoS)
|
https://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01601492
CVE-2007-3698, CVE-2007-3922