Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2018.1444
Sweet32 and SQL injection patched in HP Service Manager
11 May 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: HP Service Manager
Publisher: Hewlett-Packard
Operating System: Solaris
Windows
Linux variants
HP-UX
AIX
Impact/Access: Access Privileged Data -- Remote/Unauthenticated
Execute Arbitrary Code/Commands -- Existing Account
Provide Misleading Information -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2018-6494 CVE-2016-6329 CVE-2016-2183
Reference: ESB-2016.2239.2
ESB-2016.2238
Original Bulletin:
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158656
Comment: This bulletin contains two (2) Hewlett-Packard security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
Title : MFSBGN03805 - HP Service Manager, Remote Disclosure of Information
Document ID : KM03158613
Product - Version:
service manager ;
OS :
Updated : Thu May 10 16:22:07 GMT 2018
Summary :
A potential security vulnerability has been identified in Service Manager. This
vulnerability may allow an exploit against a long-duration encrypted session
known as the Sweet32 attack, and which may be exploited remotely.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: KM03158613
Version: 1
MFSBGN03805 - HP Service Manager, Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon
as possible.
Release Date: 2018-05-10
Last Updated: 2018-05-10
Potential Security Impact: Remote: Disclosure of Information
Source: Micro Focus, Product Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified in Service Manager. This
vulnerability may allow an exploit against a long-duration encrypted session
known as the Sweet32 attack, and which may be exploited remotely.
References:
* CVE-2016-2183
* CVE-2016-6329
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
* HP Service Manager Software - v9.30, v9.31, v9.32, v9.33, v9.34, v9.35,
v9.40, v9.41, v9.50, v9.51
BACKGROUND
For a PGP signed version of this security bulletin please write to: Product
Security Team
CVSS Version 3.0 and Version 2.0 Base Metrics
V3 V2
Reference V3 Vector Base V2 Vector Base
Score Score
CVSS:3.0/AV:N/AC:L/ (AV:N/AC:L/
CVE-2016-2183 PR:N/UI:N/S:U/C:H/I:N 7.5 Au:N/C:P/I:N/ 5.0
/A:N A:N)
CVSS:3.0/AV:N/AC:H/ (AV:N/AC:M/
CVE-2016-6329 PR:N/UI:N/S:U/C:H/I:N 5.9 Au:N/C:P/I:N/ 4.3
/A:N A:N)
RESOLUTION
MicroFocus has made the following information available to resolve the
vulnerability for the impacted versions of Service Manager:
For versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35 please upgrade to SM 9.35.P6:
SM9.35 P6 packages, SM 9.35 AIX Server 9.35.6007 p6 http://
softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/
facetsearch/document/LID/HPSM_00916
SM 9.35 HP Itanium Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/
group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00917
SM 9.35 HP Itanium Server for Oracle 12c 9.35.6007 p6 http://
softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/
facetsearch/document/LID/HPSM_00918
SM 9.35 Linux Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/
softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00919
SM 9.35 Solaris Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/
group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00920
SM 9.35 Windows Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/
group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00921
For version 9.40, 9.41 please upgrade to SM 9.41.P6:
SM9.41.P6 packages, Service Manager 9.41.6000 p6 - Server for AIX http://
softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/
facetsearch/document/LID/HPSM_00891
Service Manager 9.41.6000 p6 - Server for HP-UX/IA http://
softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/
facetsearch/document/LID/HPSM_00892
Service Manager 9.41.6000 p6 - Server for Linux http://
softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/
facetsearch/document/LID/HPSM_00893
Service Manager 9.41.6000 p6 - Server for Solaris http://
softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/
facetsearch/document/LID/HPSM_00894
Service Manager 9.41.6000 p6 - Server for Windows http://
softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/
facetsearch/document/LID/HPSM_00895
For version 9.50, 9.51 Server and KM components please upgrade to SM 9.52.P2:
SM9.52.P2 packages, Service Manager 9.52.2021 p2 - Server for Windows http://
softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/
facetsearch/document/LID/HPSM_00906
Service Manager 9.52.2021 p2 - Server for Linux http://
softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/
facetsearch/document/LID/HPSM_00907
For version 9.50, 9.51 SMSP and SMC components please upgrade to SM 9.52:
SM9.52 packages, Service Manager 9.52 as a minor.minor full (MMF) release (due
to the new SP aggregation SKU for Propel customers) is released on the
following sites instead of SSO. https://h22255.www2.hpe.com/mysoftware/index
HISTORY
Version:1 (rev.1) - 10 May 2018 Initial release
- --------------------------------------------------------------------------------
Title : MFSBGN03807 rev.1 - HP Service Manager Software, Multiple
Vulnerabilities
Document ID : KM03158656
Product - Version:
service manager ;
OS :
Updated : Thu May 10 22:42:34 GMT 2018
Summary :
A potential security vulnerability has been identified with Service Manager.
The vulnerability could be exploited to perform SQL Injection against the
Service Manager Web Tier which may lead to unauthorized disclosure of data.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: KM03158656
Version: 1
MFSBGN03807 rev.1 - HP Service Manager Software, SQL Injection
NOTICE: The information in this Security Bulletin should be acted upon as soon
as possible.
Release Date: 2018-05-10
Last Updated: 2018-05-10
Potential Security Impact: Remote: SQL Injection
Source: Micro Focus, Product Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with Service Manager.
The vulnerability could be exploited to perform SQL Injection against the
Service Manager Web Tier which may lead to unauthorized disclosure of data.
References:
* CVE-2018-6494 - Remote SQL Injection
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
* HP Service Manager Software - v9.30, v9.31, v9.32, v9.33, v9.34, v9.35,
v9.40, v9.41, v9.50, v9.51
BACKGROUND
For a PGP signed version of this security bulletin please write to: Product
Security Team
CVSS Version 3.0 and Version 2.0 Base Metrics
V3 V2
Reference V3 Vector Base V2 Vector Base
Score Score
CVSS:3.0/AV:N/AC:L/ (AV:N/AC:L/
CVE-2018-6494 PR:L/UI:N/S:C/C:L/I:L 6.1 Au:S/C:P/I:P/ 5.5
/A:N A:N)
RESOLUTION
MicroFocus has made the following resolution information available to resolve
the vulnerability for the impacted versions of Service Manager:
For versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35 please upgrade to SM 9.35.P6
SM9.35 P6 package, SM 9.35 Webtier 9.35.6007 p6
https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/
facetsearch/document/LID/HPSM_00922
For version 9.40, 9.41 please upgrade to SM 9.41.P6
SM9.41.P6 package, Service Manager 9.41.6000 p6 - Web Tier
http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/
facetsearch/document/LID/HPSM_00896
For version 9.50, 9.51 please upgrade to SM 9.52.P2
SM9.52.P2 package, Service Manager 9.52.2021 p2 - Web Tier
http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/
facetsearch/document/LID/HPSM_00908
HISTORY
Version:1 (rev.1) - 10 May 2018 Initial release
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWvTfmYx+lLeg9Ub1AQiu1BAAhgU2zqzKqqa8yufqO7YKMHoJZ/mzxkNk
teudKmQza9w91f1Uifo0bItuntEOMrXk1P8KqieKtv2ga17JbhMThceWHTS1voIE
O1jGlMDOKiaCkyALr331u8NTTXJRsTMIE63xPlpTw+n0LL/PhsL97WC7tMKsiLHQ
d1LECPm4eofbHX02JCdxsVWTDbB1buzqbNinpvm9PbOc4AGfks9SWrzl+RiZeAtR
eh6gI1tyJzpG53JloTDu+UhUyQtKSOdMyEGRMX0RWNbaDSL+ItmTd/+X5s4DxPV/
63xTkdSiQj+26b788Li1QcRLMPlyosS7AB5WvZ/664jMvxmb85MU1Rm2kJm+eDm1
MonXXUPm4/dr2DmSJtHl+9YyFJaud0sPD59Exfq7c7ArV72VL7sensxQ5JerSZYd
VArX4Wovx22TB5NtPdM4i/TZOtRVApHUYJPDhSaRJPwMjKvCWDS2s+bi+NKq33vf
MhbN5meOMkTAEdSb2LC779JINmeoom+VF/c0ihqulvEwG+K9/SyPFgTpU3qefldi
Vwa7u/PROgl9Xj8+NiFHEEAO6EgKo8GCn2mutZOmUn2KNUYMKbsAFrtLdsBHA/pD
kxJXl1Ag0BXazb3wvCYHL4aBs15Nipivx9r9J7YSaC6NPeRfdH/mAhdnGZkq4SAG
M4NoM6yqqDY=
=n1TS
-----END PGP SIGNATURE-----