You are here

V-016: HP Performance Insight Bugs with Sybase Database Let Remote Users Deny Service and Take Full Control of the Target System

November 5, 2012 - 6:00am

Addthis

PROBLEM:

HP Performance Insight Bugs with Sybase Database Let Remote Users Deny Service and Take Full Control of the Target System

PLATFORM:

HP Performance Insight v5.31, v5.40 and v5.41 running on HP-UX, Solaris, Linux, and Windows and using Sybase as the database

ABSTRACT:

Two vulnerabilities were reported in HP Performance Insight.

REFERENCE LINKS:

HP Support  Document ID: c03555488
SecurityTracker Alert ID:  1027719
CVE-2012-3269
CVE-2012-3270

IMPACT ASSESSMENT:

High

DISCUSSION:

Potential security vulnerabilities have been identified with HP Performance Insight when using Sybase as the database. The vulnerabilities could be remotely exploited to allow remote denial of service (DoS) and loss of data.

IMPACT:

A remote user can take full control of the target system.

A remote user can cause denial of service conditions.

SOLUTION:

HP has provided a hotfix SSRT100924 for HP Performance Insight using Sybase to resolve this issue.

Addthis