07-20-2011 01:13 PM
07-21-2011 11:17 AM
First of all a general info place to get Security Bulletins and to report security issues:
How Do Customers Report Security Vulnerabilities?
Customers can report software security vulnerabilities to HP using the external link to the form Report a Potential Security Vulnerability to HP (http://welcome.hp.com/country/us/en/sftware_secur
- Select "Contact HP / Customer Service"
- Select "Report a Software Security Issue"
To receive security information, customers can go to the general HP Web Page:
- Select "Support & Drivers"
- Select "Sign up: Driver, Support & Security Alerts"
Customers can view all Previously Published HP ITRC Security Bulletins at the IT Resource Center (registration required).
Specific to the software security questions you asked above here is what I received back:
Specifically (but unofficially), the NTP DoS (CVE-2009-3563) documents a problem with a Linux NTP daemon and since iLO doesn’t have an NTP daemon running we don't see an issue. Similarly, CVE-2009-5020 doesn’t apply to iLO since it is for the “AWStats” utility which isn’t part of the image and specifically to a Perl module (awredir.pl) which isn’t possible since there is no Perl interpreter onboard…
I hope this helps.
07-22-2011 04:24 PM
07-22-2011 11:24 PM
07-24-2011 05:20 PM
Thanks for updating the link.
I think your question regarding the components in the OA/iLO software would be a good question to ask the security gang. If you are going to have questions, no time like the present to see what sort of response you get from using the website.