Information Security all in one place!

HP Network Node Manager: Remote Unauthorized Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Potential Security Impact: Remote unauthorized disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerability could be remotely exploited resulting in unauthorized disclosure of information.

References: CVE-2007-1858

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Network Node Manager i (NNMi) v8.x, v9.0x, v9.1x for HP-UX, Linux, Solaris, and Windows

English: This is white-on-black HP jewel logo,...

RESOLUTION – per HP

HP has made the following procedure available to resolve the vulnerability.

Backup the appropriate file to another directory.

$NnmInstallDir\nonOV\jboss\nms\server\nms\deploy\jboss-web.deployer\server.xml [Windows]

$NnmInstallDir/nonOV/jboss/nms/server/nms/deploy/jboss-web.deployer/server.xml [HP-UX, Linux, Solaris]

Edit the original server.xml file.

Add the following to the end of the SSL Connector entry. The entry must be one continuous string with no line breaks.

ciphers=”TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA”

For example, in NNMi v9.10 the entry would be:

<Connector port=”${jboss.https.port}” … ciphers=…/>

Save and verify

Save the file.

Stop and restart NNMi.

Bring up the UI to verify that NNMi is still functioning correctly.

MANUAL ACTIONS: Yes – NonUpdate

Edit the server.xml file as described above.

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS (for HP-UX)

HP-UX B.11.31
HP-UX B.11.23 (IA)
=============
HPOvNNM.HPNMSJBOSS
action: edit the server.xml file as described in the Resolution

Advertisements

Let's hear what you have to say.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s