SecurityTracker.com
Category:   Application (Generic)  >   HPE ProLiant Support Pack
Vendors:   HPE
HPE ProLiant Server Firmware Buffer Overflows in Intel Server Platform Service Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1039955
SecurityTracker URL:  http://securitytracker.com/id/1039955
CVE Reference:   CVE-2017-5706, CVE-2017-5709
Date:  Dec 5 2017
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Two vulnerabilities were reported in HPE ProLiant Server Firmware on some HPE servers. A physically local user can obtain elevated privileges on the target system.

A physically local user can trigger a buffer overflow to execute arbitrary code on the target system [CVE-2017-5706].

A physically local user can cause a process to access privileged content to gain elevated privileges on the target system [CVE-2017-5709].

The vulnerabilities reside in the Intel Server Platform Service (SPS) v4.0 component.

The following HPE ProLiant Server models are affected:

BL460c Gen10 Server Blade ROM firmware
DL20 Gen9 Server SPS firmware
DL360 Gen10 Server ROM firmware
DL380 Gen10 Server ROM firmware
DL560 Gen10 Server ROM firmware
DL580 Gen10 Server ROM firmware
m710x Server Cartridge ROM firmware
ML30 Gen9 Server SPS Firmware
ML110 Gen10 Server ROM firmware
ML350 Gen10 Server ROM firmware
XL170r Gen10 Server ROM firmware
XL190r Gen10 Server ROM firmware
XL230k Gen10 Server ROM firmware
XL450 Gen10 Server ROM firmware

The original advisory is available at:

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

Impact:   A physically local user can obtain elevated privileges on the target system.
Solution:   HPE has issued a fix.

The HPE advisories are available at:

https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03798en_us
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00036596en_us

Vendor URL:  support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03798en_us
Cause:   Access control error, Boundary error

Message History:   None.


Copyright 2018, SecurityGlobal.net LLC