HP-UX update for CIFS Server


Secunia ID

SA48943

CVE-ID

CVE-2011-2522

Release Date

24 Apr 2012

Criticality

Less Critical

Solution Status

Vendor Patch

Where

From remote

Impact

Cross-Site Scripting

Cross-Site Scripting vulnerabilities allow a third party to manipulate the content or behaviour of a web application in a user's browser, without compromising the underlying system.

Related vulnerability classes, including "script insertion" and "cross-site request forgery", are also classified under this category.

Cross-Site Scripting vulnerabilities are often used against specific users of a website to steal their credentials or to conduct spoofing attacks.

Description

HP has issued an update for CIFS Server in HP-UX. This fixes a vulnerability that can be exploited by malicious people to conduct cross-site request forgery attacks.

For more information see vulnerability #1 in:
SA45393

The vulnerability is reported in HP-UX versions B.11.11, B.11.23, and B.11.31 running HP-UX CIFS Server A.02.04.04 or prior, and in HP-UX versions B.11.23 and B.11.31 running HP-UX CIFS Server A.03.01.03 or prior.

Solution

Update to version A.02.04.05 or A.03.01.04.

-- 11i v1 --

A.02.04.05:
HP-UX_11.11_B8725AA_A.02.04.05_HP-UX_B.11.11_32_64.depot

-- 11i v2 --

A.02.04.05:
HP-UX_11.23_B8725AA_A.02.04.05_HP-UX_B.11.23_IA_PA.depot

A.03.01.04:
HP-UX_11.23_B8725AA_A.03.01.04_HP-UX_B.11.23_IA_PA.depot

-- 11i v3 --

A.02.04.05:
HP-UX_11.31_CIFS-SERVER_A.02.04.05_HP-UX_B.11.31_IA_PA.depot

A.03.01.04:
HP-UX_11.31_CIFS-SERVER_A.03.01.04_HP-UX_B.11.31_IA_PA.depot

Original Advisory

HPSBUX02768 SSRT100664:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03297338