Automated Backup
1747980 Members
3801 Online
108756 Solutions
New Discussion

Data Protector Express - AiO Hot Fix for CVE-2009-0714 ?

 
John T Willis
Advisor

Data Protector Express - AiO Hot Fix for CVE-2009-0714 ?


Data Protector Express 4.0 sp1 build 43064 which is included in the most recent AiO software update for the ASM 3.8 appears to have a Security Vulnerability

Technical knowledge base - document
- SUPPORT COMMUNICATION - SECURITY BULLETIN
- Document ID: c01697543
- Release Date: 2009-05-13

References: CVE-2009-0714

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Data Protector Express 3.x and HP Data Protector Express SSE 3.x prior to build 47065
HP Data Protector Express 4.x and HP Data Protector Express SSE 4.x prior to build 46537

http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01697543-1

HP has made a 'HotFix' available for the generic product as a Patch here:

HP Data Protector Express Software
- Download drivers and software
-- Patch
--- HP StorageWorks Data Protector Express "Hot Fix" (Build 46537) for version 4.0 SP1

http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=1144275&prodTypeId=12169&prodSeriesId=1144272&swLang=13&taskId=135&swEnvOID=1005

Q. Is this something that should be applied "outside" of updating the ASM or waiting for an "official" HP update for the AiO software?

Q. Will the ASM software still be able to communicate with the DPX software if this update is applied?