NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Secunia Advisories> 2003-q2

[sec-adv] HP-UX update for various network drivers

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Wed May 28 2003 - 08:09:42 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
HP-UX update for various network drivers

READ ONLINE:
http://www.secunia.com/advisories/8875/

CRITICAL:
Less critical

IMPACT:
Exposure of system information, Exposure of sensitive information

WHERE:
From remote

OPERATING SYSTEM:
HP-UX 11.x
HP-UX 10.x

DESCRIPTION:
HP has issued various updated network drivers to fix an information
disclosure vulnerability.

The problem is that many ethernet NIC (Network Interface Card) device
drivers pad frames with content from previous packets or kernel
memory instead of using NULL-bytes. This may be exploited by
malicious people to obtain potentially sensitive information by
sending specially crafted packets to a vulnerable system.

SOLUTION:
Apply patches available from:
http://www4.itrc.hp.com/service/patch/search.do?pageContextName=hpux:::

HP-UX 10.20:
PHNE_28635 (s700_800 EISA 100BT cumulative patch)
PHNE_28536 (s800 LAN products cumulative patch)
PHNE_28535 (s700 LAN products cumulative patch)

HP-UX 11.00:
PHNE_28143 (s700_800 lan3 LAN product cumulative patch)
PHNE_28636 (s700_800 EISA 100BT cumulative patch)

ORIGINAL ADVISORY:
http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0305-261

OTHER REFERENCES:
http://www.kb.cert.org/vuls/id/412115

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]