  •  Privilege Escalation Vulnerability in the Linux Kernel (“Dirty COW”)

    On October 19, 2016, a privilege escalation vulnerability in the Linux kernel was disclosed. A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. This flaw allows an unprivileged local user to gain write access to otherwise read-only memory mappings and thus gain increased privileges on the system. This vulnerability is referred to as “Dirty COW”. Additional information about this vulnerability is available at CVE-2016-5195.

    Product Impact Assessment HTML

    Product Impact Assessment Spreadsheet

    Additional Details

  •  HTTP_PROXY Environment Variable Handling Vulnerability ("FalseCONNECT")

    On August 15th, 2016, a vulnerability referred to as “FalseCONNECT”, in the implementation of HTTP 407 (Proxy Authentication Required) for the CONNECT method, was disclosed. Since these requests are always made in plain text over HTTP, they are susceptible to man-in-the-middle attacks that may be leveraged to expose user credentials and, in some implementations, to render HTML and scripts in the client DOM within a security context. Injection or tampering of 407 authentication headers in the context of the CONNECT method can subject a user to phishing and authentication downgrade attacks. Additional information about the vulnerability is available at CERT VU#905344.

    Product Impact Assessment HTML

    Product Impact Assessment Spreadsheet

    Additional Details

  •  CGI application vulnerability ("HTTPoxy") for PHP, Go, Python and others

    On July 18th, 2016, a vulnerability in the handling of the HTTP_PROXY environment variable by web servers, web frameworks, and programming languages that run in CGI or CGI-like environments, referred to as HTTPoxy, was disclosed. The vulnerability stems from using user-supplied input (the client’s Proxy request header) to set the HTTP_PROXY environment variable without sufficient validation. This vulnerability could allow an unauthenticated, remote attacker to perform a man-in-the-middle (MITM) attack or redirect outbound traffic to an arbitrary server, which can cause disclosure of sensitive information. Additional information about this vulnerability is available at CVE-HTTPoxy.

    Product Impact Assessment HTML

    Product Impact Assessment Spreadsheet

    Additional Details

  •  Cross-protocol Attack on TLS using SSLv2 (DROWN) – CVE-2016-0800

    On March 1st, 2016, a new attack was disclosed which is being referred to as DROWN (Decrypting RSA using Obsolete and Weakened eNcryption). This is a cross-protocol attack that exploits a vulnerability in SSLv2 to decrypt passively collected TLS sessions. Additional information about the vulnerability is available at CVE-2016-0800.

    Product Impact Assessment HTML

    Product Impact Assessment Spreadsheet

    Additional Details

  •  Stack-Based Buffer Overflow in Glibc's Getaddrinfo()

    On February 16, 2016, a stack-based buffer overflow vulnerability in the GNU C library (glibc) was publicly disclosed. The flaw was discovered in the getaddrinfo() library function of glibc. Attackers may exploit applications that use this function to perform remote code execution on the affected device. Additional information about the vulnerability is available on the NIST website at CVE-2015-7547.

    Product Impact Assessment HTML

    Product Impact Assessment Spreadsheet

    Additional Details

  •  Intel Processor Security Vulnerability (aka “Memory Sinkhole”)

    Overview
    On August 6th, 2015, at the Black Hat security conference in Las Vegas, security researcher Christopher Domas demonstrated installing a rootkit in a PC's firmware. Domas nicknamed the demonstration a “memory sinkhole”. The attack exploited a feature built into x86 chips manufactured from the mid-1990s until the 2011 release of the Intel Xeon Processor E5-2600 Series (i.e., Sandy Bridge-EP).

    The vulnerability exists in the Advanced Programmable Interrupt Controller (APIC), which could allow an attack against the System Management Mode (SMM) memory area used by the operating system to interface with the boot environment, such as BIOS, EFI, or UEFI. An attacker can exploit this vulnerability to run in the most privileged execution mode and potentially overwrite security features in the boot environment. The demonstration exploit uses UEFI code features to install a rootkit.

    Potential Impact
    HP has investigated the potential impact of this issue on our Enterprise products (i.e., Servers, Storage and Networking) and determined that HP ProLiant Gen8 and Gen9-series servers are not vulnerable, as Intel previously addressed this design flaw in Intel Xeon Processor E5-2600 Series and subsequent models of server processors. Please note that Intel Xeon Processor E5-2600 Series are used in ProLiant Gen8 servers.

    In addition, HP has investigated the potential impact of this issue on HP ProLiant G5, G6 and G7-series servers and determined they are not vulnerable to the specific attack demonstrated by Christopher Domas at the Black Hat security conference. Intel is providing a microcode update for these servers which will prevent a potential security breach, if an attempt is made to exploit this vulnerability. As an added measure of security, HP plans to implement this microcode in updated ProLiant System ROMs, which will be made available for download on HPE Support Center, at no cost to customers.

    What can you do?
    Please check back for updates to this page regarding the availability of updated System ROMs for ProLiant G5, G6 and G7-series servers.

    Additional details

  •  ISC BIND TKEY query handling Vulnerability - CVE-2015-5477

    A vulnerability affecting DNS name servers based on ISC BIND was announced on July 28, 2015. This vulnerability could allow a remotely exploitable Denial of Service against name servers running ISC BIND. Additional information about the ISC BIND TKEY query handling vulnerability is available at CVE-2015-5477.

    Additional details

  •  OpenSSL Alternative Chains Certificate Forgery Vulnerability

    On July 9, 2015, OpenSSL disclosed a flaw in the way alternative certificate chains are verified. This only impacts versions of OpenSSL released since June 2015: v1.0.2c, v1.0.2b, v1.0.1o and v1.0.1n. Exploitation of this vulnerability could allow an attacker to bypass certain certificate validation checks, enabling them to issue an invalid certificate. Additional information about this vulnerability is available on the NIST web site at CVE-2015-1793.

    Additional details

  •  VENOM Vulnerability - CVE-2015-3456

    On May 13, 2015, a vulnerability was announced in the virtual floppy drive code used by many virtualization platforms. Exploitation of this vulnerability could allow an attacker to escape from the affected Virtual Machine (VM) guest and potentially execute code on the host. Additional information about the VENOM vulnerability is available on the NIST web site at CVE-2015-3456.

    Additional details

  •  Glibc “GHOST” Vulnerability

    On January 27, 2015, a buffer overflow vulnerability in the GNU C library (glibc) was publicly disclosed. The flaw was discovered in the gethostbyname set of functions of glibc and could be used to execute arbitrary code. Additional information about the vulnerability is available on the NIST web site at CVE-2015-0235.

    Additional details

  •  SSLv3 POODLE Vulnerability - CVE-2014-3566

    On October 14, 2014, a vulnerability in the SSLv3 protocol was disclosed. Exploitation of this vulnerability could allow an attacker to decrypt portions of encrypted traffic via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack. Additional information about the SSLv3 POODLE vulnerability is available on the NIST web site at CVE-2014-3566.

    Additional details

  •  GNU Bourne Again Shell (Bash) ‘Shellshock’ Vulnerability

    A Bash vulnerability affecting Unix-based operating systems, such as Linux and Mac OS X, was announced on September 24, 2014. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system. More information about this issue is available at CVE-2014-7169.

    Additional details

  •  OpenSSL “Heartbleed” Vulnerability

    On April 8, 2014, HP was notified of the OpenSSL vulnerability CVE-2014-0160 (now known as "Heartbleed"). This vulnerability has garnered a substantial amount of media attention. See the resources section for a link to the National Vulnerability Database entry describing the vulnerability in detail. OpenSSL is used in some HP products to provide encryption and SSL services.

    Additional details