---------------------------------------------------------------------- Want a new job? http://secunia.com/corporate/jobs/open_positions/ ---------------------------------------------------------------------- TITLE: HP OpenView Select Identity Connectors Information Disclosure SECUNIA ADVISORY ID: SA31764 VERIFY ADVISORY: http://secunia.com/advisories/31764/ CRITICAL: Less critical IMPACT: Exposure of system information, Exposure of sensitive information WHERE: Local system SOFTWARE: HP Select Identity Active Directory Connector 2.x http://secunia.com/product/19736/ HP Select Identity Active Directory Connector 1.x http://secunia.com/product/19735/ HP Select Identity SunOne Connector 1.x http://secunia.com/product/19737/ HP Select Identity eDirectory Connector 1.x http://secunia.com/product/19738/ HP Select Identity eTrust Connector 1.x http://secunia.com/product/19739/ HP Select Identity OID Connector 1.x http://secunia.com/product/19740/ HP Select Identity IBM Tivoli Dir Connector 1.x http://secunia.com/product/19741/ HP Select Identity TOPSecret Connector 2.x http://secunia.com/product/19742/ HP Select Identity RACF Connector 1.x http://secunia.com/product/19743/ HP Select Identity ACF2 Connector 1.x http://secunia.com/product/19744/ HP Select Identity BiDir DirX Connector 1.x http://secunia.com/product/19746/ HP Select Identity OpenLDAP Connector 1.x http://secunia.com/product/19745/ DESCRIPTION: A vulnerability has been reported in various HP OpenView Select Identity Connectors, which can be exploited by malicious, local users to disclose potentially sensitive information. The vulnerability is caused due to an unspecified error in HP OpenView Select Identity (HPSI) Connectors running on Windows and can be exploited to disclose certain information. The vulnerability is reported in the following products and versions: * HPSI Active Directory Connector v 1.70.003 and earlier * HPSI Active Directory Connector v 2.10.002 and earlier * HPSI Active Directory Connector v 2.20.xxx and v2.30.xxx and earlier * HPSI SunOne Connector v 1.14 and earlier * HPSI eDirectory Connector v 1.12 and earlier * HPSI eTrust Connector v 1.02 and earlier * HPSI OID Connector v 1.02 and earlier * HPSI IBM Tivoli Dir Connector v 1.02 and earlier * HPSI TOPSecret Connector v 2.22.001 and earlier * HPSI RACF Connector v 1.12.001 and earlier * HPSI ACF2 Connector v 1.02 and earlier * HPSI OpenLDAP Connector v 1.02 and earlier * HPSI BiDir DirX Connector v 1.00.003 and earlier SOLUTION: Update to fixed version (please see the vendor advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02361 SSRT080119: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01531379 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------