Release date: 2011-11-04
Updated on: 2011-11-07
Affected Systems:
HP TCP/IP Services for OpenVMS Alpha 5.7
HP TCP/IP Services for OpenVMS Alpha 5.6
HP TCP/IP Services for OpenVMS 5.7
HP TCP/IP Services for OpenVMS 5.6
Description:
--------------------------------------------------------------------------------
Bugtraq id: 50532
Cve id: CVE-2011-3168
OpenVMS is a VMS-based multi-task multi-processor operating system.
An illegal access security vulnerability exists in the implementation of HP TCP/IP Services for OpenVMS running the POP or IMAP server. Remote attackers can exploit this vulnerability to bypass certain security restrictions and illegally access the affected applications.
<* Source: Peter Weaver
Link: http://secunia.com/advisories/46743/
Http://h20566.www2.hp.com/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
HP
--
HP has released a Security Bulletin (HPSBOV0246) for this purpose and the corresponding patch:
HPSBOV0246: SSRT090152 rev.1-HP TCP/IP Services for OpenVMS Running POP or IMAP, Remote Unauthorized Access
Link: http://h20566.www2.hp.com/