HP System Management Homepage May Not Properly Complete Security Updates
|
|
SecurityTracker Alert ID: 1018696 |
|
SecurityTracker URL: http://securitytracker.com/id/1018696
|
|
CVE Reference:
CVE-2007-4931
(Links to External Site)
|
Updated: Apr 18 2008
|
Original Entry Date: Sep 14 2007
|
Impact:
Modification of system information
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in HP System Management Homepage. The system may not completely apply security relevant updates.
When HP System Management Homepage (SMH) for Windows is updated while running HP Version Control Agent (VCA) or Version Control Repository Manager (VCRM), the previous OpenSSL software may remain active in memory until the system is rebooted.
|
Impact:
The system may not completely apply OpenSSL updates.
|
Solution:
The vendor indicates that customers should always reboot a Windows system running SMH and VCA or VCRM immediately after installing an update to SMH.
The HP advisory is available at:
https://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c01164065
|
Vendor URL: www1.itrc.hp.com/service/cki/docDisplay.do?docId=c01164065 (Links to External Site)
|
Cause:
State error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 14 Sep 2007 15:43:36 -0400
Subject: HPSBMA02258 SSRT071470 rev.1 - HP System Management Homepage (SMH) for Windows, Incomplete Update Installation
|
https://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c01164065
|
|
