HP System Management Homepage Incomplete Update Installation Weakness

Bugtraq ID:	25675
Class:	Design Error
CVE:	CVE-2007-4931
Remote:	No
Local:	Yes
Published:	Sep 14 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	The vendor disclosed this issue.
Vulnerable:	HP System Management Homepage 2.1.9 HP System Management Homepage 2.1.8 HP System Management Homepage 2.1.7 HP System Management Homepage 2.1.6 HP System Management Homepage 2.1.5 HP System Management Homepage 2.1.4 HP System Management Homepage 2.1.3 .132 HP System Management Homepage 2.1.3 HP System Management Homepage 2.1.2 HP System Management Homepage 2.1.1 HP System Management Homepage 2.1 HP System Management Homepage 2.0.2 HP System Management Homepage 2.0.1 HP System Management Homepage 2.0
Not Vulnerable:

HP System Management Homepage Incomplete Update Installation Weakness

HP System Management Homepage is prone to a weakness that can result in a false sense of security.

This issue can cause incomplete OpenSSL security update installations that may leave the affected computer prone to the flaw that the update was intended to fix.

HP System Management Homepage Incomplete Update Installation Weakness

This issue is not exploitable on its own but may leave a computer prone to a vulnerability that was intended to be addressed; this can result in a false sense of security.

HP System Management Homepage Incomplete Update Installation Weakness

Solution:
In response to this issue, the vendor released an advisory that tells users to always reboot a computer prone to this issue after installing an SMH update. Please see the references for more information.

HP System Management Homepage Incomplete Update Installation Weakness

References:

• HP System Management Homepage (HP)
  
• HP System Management Homepage (SMH) for Windows, Incomplete Update Installation (HP)