Security updates from HP
HP has released a security update for its StorageWorks storage mirroring software to fix a critical vulnerability that allows attackers to penetrate and gain control of a system. No further details of the bug are given. According to the report, version 4.5 Service Pack 1 is affected. The bug is not present in version 4.5 Service Pack 2. Upgrading to version 5.0 also eliminates the problem. The updates can be obtained from Double-Take.
The vendor also reports multiple vulnerabilities in HP Instant Support for Windows. A flawed ActiveX control can be exploited by attackers to inject and execute code on a system. The bugs are fixed in version 1.0.0.24. According to HP, the new version is installed when a diagnostic session is launched from the "Instant Support Professional edition" website.
See also:
- HP StorageWorks Storage Mirroring Software, Remote Execution of Arbitrary Code, security advisory from HP
- HP Instant Support HPISDataManager.dll Running on Windows, Remote Execution of Arbitrary Code, security advisory from HP
(mba)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
