SB2015040201 - Multiple vulnerabilities in HP 3PAR Service Processor (SP)

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2015040201

SB2015040201 - Multiple vulnerabilities in HP 3PAR Service Processor (SP)

Published: April 2, 2015 Updated: August 8, 2023

Security Bulletin ID SB2015040201
Severity
Critical
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Critical 50% Medium 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Man-in-the-Middle attack (CVE-ID: CVE-2014-0224)

The vulnerability allows a remote attacker to decrypt encrypted connections.

The vulnerability exists due to an error in OpenSSL. A remote attacker with ability to intercept network traffic can decrypt SSL connection and gain access to sensitive data.

2) Information disclosure (CVE-ID: CVE-2014-3566)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to usage of insecure SSLv3 protocol in OpenSSL. A remote attacker can force the current connection between user and server to be downgraded to SSLv3 protocol and then use padding-oracle attack on Cypher-block chaining (CBC) mode to decrypt encrypted communication.

Successful exploitation of the vulnerability may allow an attacker to read encrypted communications in clear text.

Note: The vulnerability is known as POODLE.

3) Command injection (CVE-ID: CVE-2014-6271)

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to incorrect parsing of environment variables. A remote attacker can execute arbitrary code on the target system as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.

Successful exploitation may allow an attacker to gain complete control over vulnerable system.

Exploitation example:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

Note: this vulnerability was being actively exploited in the wild.


4) Command injection (CVE-ID: CVE-2014-7169)

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The weakness exists due to an incomplete fix related to malformed function definitions in the values of environment variables. By using multiple attack vectors (DHCP, HTTP, SIP, FTP, and SMTP) involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, a remote attacker can inject and execute arbitrary commands.This vulnerability exists due to incomplete fix for vulnerability #1 (CVE-2014-6271).

Exploitation example: 

env X='() { (a)=>\' bash -c "echo date"; cat echo

Successful exploitation may allow an attacker to gain complete control over vulnerable system.

Note: this vulnerability was being actively exploited.


Remediation

Install update from vendor's website.

References