SecurityTracker.com
Category:   Application (Generic)  >   HP Smart Update Manager
Vendors:   HPE
HP Smart Update Manager OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1030085
SecurityTracker URL:  http://securitytracker.com/id/1030085
CVE Reference:   CVE-2014-0160
Date:  Apr 14 2014
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 6.0.0 through 6.3.0
Description:   A vulnerability was reported in HP Smart Update Manager. A remote user can obtain potentially sensitive information.

A remote user can trigger a buffer overread in the processing of the TLS heartbeat extension to obtain up to 64k of memory (per heartbeat request), potentially including encryption keys.

The vendor has assigned SSRT101503 to this vulnerability.

[Editor's note: This vulnerability is known as the OpenSSL heartbleed vulnerability.]

Neel Mehta of Google Security and researchers from Codenomicon reported this vulnerability.

Impact:   A remote user can obtain potentially sensitive information, including encryption keys.
Solution:   No solution was available at the time of this entry.

The vendor's advisory is available at:

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04239375-1

Vendor URL:  h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04239375-1
Cause:   Access control error, Boundary error
Underlying OS:  Linux (Any), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]



Copyright 2021, SecurityGlobal.net LLC