- Community Home
- >
- Servers and Operating Systems
- >
- HPE BladeSystem
- >
- BladeSystem - General
- >
- Re: Is HP c7000 iLO onboard administrator subject ...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-20-2011 01:13 PM
07-20-2011 01:13 PM
Is HP c7000 iLO onboard administrator subject to CVE IDs: CVE-2009-3563, CVE-2009-5020 ,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-21-2011 08:55 AM
07-21-2011 08:55 AM
Re: Is HP c7000 iLO onboard administrator subject to CVE IDs: CVE-2009-3563, CVE-2009-5020 ,
I will have to ask the question and see what I can find out.
Chuck
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-21-2011 11:17 AM
07-21-2011 11:17 AM
Re: Is HP c7000 iLO onboard administrator subject to CVE IDs: CVE-2009-3563, CVE-2009-5020 ,
First of all a general info place to get Security Bulletins and to report security issues:
How Do Customers Report Security Vulnerabilities?
Customers can report software security vulnerabilities to HP using the external link to the form Report a Potential Security Vulnerability to HP (http://welcome.hp.com/country/us/en/sftware_security.html). This page accepts reports of potential security defects from customers and provides an automated email acknowledgement to the person submitting the report. The reporting Web Page can also be accessed from HP Home page:
- http://www.hp.com
- Select "Contact HP / Customer Service"
- Select "Report a Software Security Issue"
To receive security information, customers can go to the general HP Web Page:
- http://www.hp.com
- Select "Support & Drivers"
- Select "Sign up: Driver, Support & Security Alerts"
Customers can view all Previously Published HP ITRC Security Bulletins at the IT Resource Center (registration required).
Specific to the software security questions you asked above here is what I received back:
Specifically (but unofficially), the NTP DoS (CVE-2009-3563) documents a problem with a Linux NTP daemon and since iLO doesn’t have an NTP daemon running we don't see an issue. Similarly, CVE-2009-5020 doesn’t apply to iLO since it is for the “AWStats” utility which isn’t part of the image and specifically to a Perl module (awredir.pl) which isn’t possible since there is no Perl interpreter onboard…
I hope this helps.
Chuck
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2011 04:24 PM
07-22-2011 04:24 PM
Re: Is HP c7000 iLO onboard administrator subject to CVE IDs: CVE-2009-3563, CVE-2009-5020 ,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2011 11:24 PM
07-22-2011 11:24 PM
Re: Is HP c7000 iLO onboard administrator subject to CVE IDs: CVE-2009-3563, CVE-2009-5020 ,
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/secBullArchive/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-24-2011 05:20 PM
07-24-2011 05:20 PM
Re: Is HP c7000 iLO onboard administrator subject to CVE IDs: CVE-2009-3563, CVE-2009-5020 ,
Johan:
Thanks for updating the link.
Danatt:
I think your question regarding the components in the OA/iLO software would be a good question to ask the security gang. If you are going to have questions, no time like the present to see what sort of response you get from using the website.
Chuck