HP Support Alerts - HPSBST03588 rev 1. - HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS, Remote Arbitrary Command Execution

TBCS IT announces the following HP Support Alert: 

 


 
SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05382958

Version: 1

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-01-31

Last Updated: 2017-01-31


Potential Security Impact: Remote: Arbitrary Command Execution

Source: Hewlett Packard Enterprise, HPE Product Security Response Team

VULNERABILITY SUMMARY

A potential security vulnerability has been identified in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS. The vulnerability could be remotely exploited resulting in arbitrary command execution.

References: CVE-2016-8529 - Remote Arbitrary Command Execution

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  • HP StoreVirtual VSA Software Licenses - LeftHand OS v12.5 and earlier
  • HPE P4000 G2 SAN Solutions - LeftHand OS v12.5 and earlier
  • HP LeftHand P4000 Virtual SAN Appliance Software - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4130 600GB SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4130 600GB China SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4330 1TB MDL SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4330 450GB SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4330 900GB SAS Storage/S-Buy - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4330 450GB SAS Storage/S-Buy - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4330 900GB SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4330 1TB MDL China SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4330 450GB China SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4330 900GB China SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4330 FC 900GB SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4330 FC 900GB China SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4335 China Hybrid Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4335 Hybrid Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4530 2TB MDL SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4530 3TB MDL SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4530 4TB MDL SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4530 450GB SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4530 600GB SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4530 450GB SAS Storage/S-Buy - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4630 900GB SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4730 600GB SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4730 900GB SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4730 FC 900GB SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4130 600GB China SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4130 600GB SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4330 1TB MDL China SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4330 1TB MDL SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4330 450GB China SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4330 450GB SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4330 450GB SAS Storage/S-Buy - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4330 900GB China SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4330 900GB SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4330 900GB SAS Storage/S-Buy - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4330 FC 900GB China SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4330 FC 900GB SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4335 China Hybrid SAN Solution - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4335 Hybrid Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4335 China Hybrid Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4335 Hybrid SAN Solution - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4530 2TB MDL SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4530 3TB MDL SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4530 600GB SAS Storage/S-Buy - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4530 450GB SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4530 450GB SAS Storage/S-Buy - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4530 4TB MDL SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4530 600GB SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4630 900GB SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4730 600GB SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4730 600GB SAS Storage/S-Buy - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4730 900GB SAS Storage - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4730 900GB SAS Storage/S-Buy - LeftHand OS v12.5 and earlier
  • HP StoreVirtual 4730 FC 900GB SAS Storage - LeftHand OS v12.5 and earlier
  • HP ConvergedSystem 242-HC StoreVirtual System - LeftHand OS v12.5 and earlier
  • HP ConvergedSystem 240-HC StoreVirtual System - LeftHand OS v12.5 and earlier
  • M0T03A HP ConvergedSystem 250-HC StoreVirtual System - LeftHand OS v12.5 and earlier
  • M0T03B HPE Hyper Converged 250 System for VMware vSphere - LeftHand OS v12.5 and earlier
  • N9X97A HPE Hyper Converged 250 for Microsoft Cloud Platform System Standard - LeftHand OS v12.5 and earlier
  • HPE Hyper Converged 380 - LeftHand OS v12.5 and earlier

BACKGROUND

CVSS Version 3.0 and Version 2.0 Base Metrics

Reference: CVE-2016-8529
V3 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
V3 Base Score: 7.6
V2 Vector: (AV:A/AC:M/Au:S/C:P/I:P/A:C)
V2 Base Score: 6.3
Information on CVSS is documented in HPE Customer Notice: HPSN-2008-002

Hewlett Packard Enterprise thanks Calum Hutton for reporting this vulnerability to security-alert@hpe.com

RESOLUTION

HPE has provided the following software patch and update to resolve the vulnerability in the impacted versions of StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS.

  • LeftHand OS v12.5 patch 55018

    Note: HPE P4000 G2 SAN Solutions systems will need to upgrade to version LeftHand OS v12.5 and apply patch 55018.

  • LeftHand OS v12.6

    Note: HPE StoreVirtual 4000 systems, VSA Software systems and Hyper Converged systems should upgrade to LeftHand OS v12.6.

HISTORY
Version:1 (rev.1) - 31 January 2017 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product:

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX

©Copyright 2017 Hewlett Packard Enterprise Company, L.P.
 
 
