-----BEGIN PGP SIGNED MESSAGE-----
AUSCERT External Security Bulletin Redistribution
ESB-2001.018 -- COMPAQ SSRT0705 Security Advisory
Compaq web-enabled management software potential security vulnerability
16 January 2001
AusCERT Security Bulletin Summary
Product: All web-enabled Compaq management software
Operating System: Microsoft Windows 9x, NT and 2000, SCO Open Server,
SCO UnixWare 7, RedHat 6.2 and 7.0, Tru64Unix and OpenVMS
Impact: Root Compromise,
- --------------------------BEGIN INCLUDED TEXT--------------------
Source: Compaq Computer Corporation
Title: Compaq web-enabled management software potential security vulnerability
Compaq web-enabled management software security vulnerability.
The complete online document is available from
and should be checked as needed for new patch or release information.
Compaq continues to take a serious approach to the quality and security of
all its software products and makes every effort to address issues and
provide solutions in a timely manner. In line with this commitment, Compaq
is responding to recent concerns on a potential security vulnerability in
the web-enabled Compaq management software. This vulnerability has the
potential to enable unauthorized users to execute code at an administrator
level through the exploitation of a buffer overflow.
Scope of the problem
This Security Advisory applies to all web-enabled Compaq management
software. A list of affected software versions is included at the end of the
(online) Advisory. The web component of Compaq web-enabled management
provides HTTP services to allow management information to be accessible
through a web browser. Web-enabled management software is provided for the
majority of the operating systems that Compaq supports on its Intel and
Alpha server and client systems. These operating systems include Microsoft
Windows 9x, NT and 2000, NetWare, SCO Open Server, SCO UnixWare 7, RedHat
6.2 and 7.0, Tru64Unix and OpenVMS. Web-enabled management software is also
supported for Compaq storage products.
Unaffected Software Versions
The web-enabled component of the Remote Insight Lights-out Edition board is
NOT affected. Also unaffected are the downloadable integration modules that
Compaq provides to enhance the management of Compaq platforms from within
enterprise management consoles such as CA Unicenter TNG, Tivoli Enterprise,
Tivoli NetView and HP OpenView.
What Compaq is doing
Compaq is currently completing the testing and release of fixes for the
affected software. In addition to releasing new versions of the software,
Compaq will also release software patches to update the web-enabled
component of the affected software for customers who do not want to upgrade
their systems to the latest version.
What Customers Should Do
Determine which systems are running Compaq web-enabled agents or utilities.
There are three methods suggested. Note that the lists generated by Methods
2 and 3, while helpful, may not be exhaustive lists of the systems with web
agents and utilities on your network. The lists will include only those
systems that are being managed either explicitly or because they have been
Method 1: Point a web browser at the system and key in
http://[IP_ADDRESS]:2301 or http://[machine_name]:2301. This will bring up
the device home page for the server if it is running web-enabled management
software, and display a list of the components.
Method 2: If you are using Compaq Insight Manager XE, you can get a list of
systems running the web agents by defining a Query to return a list of
systems with web agents. Log in to your Compaq Insight Manager XE system and
create a new Query. Select the "Devices with Web Agent" criteria. Further,
select all of the available products on the Criteria Configuration screen.
Save the Query and execute it. The list of devices will be all those with
web agents.
Method 3: If you are using the Compaq Insight Manager Windows 32 console,
you can get a list of systems running the web agents by starting Compaq
Insight Manager and selecting the "Web Device List" button on the toolbar.
This will display a list of systems being managed by Compaq Insight Manager
and additionally will have underlined as hyperlinks the systems on which the
web agents are present and enabled. To print out a list of only the web
devices, select the "Web Devices" hyperlink in the left column and only web
devices will be shown. Simply print this page from your browser.
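The browser check in Method 1 does not scale across a network, and the advisory itself warns that the console-generated lists of Methods 2 and 3 may be incomplete. The script below is an added example, not code from the Compaq advisory or from AusCERT: it automates Method 1 (an HTTP request to port 2301) against a list of hosts and reports which ones answer, so the result can be compared with the console lists. The advisory says only that a device home page is served on 2301; treating any HTTP status line on that port as "web agent present" is this example's assumption, as are the constructed mock responder (used so the script runs offline) and the Server header value it returns. Confirm each hit by opening the device home page as Method 1 describes.

```python
"""Sweep hosts for a listener on the Compaq web agent port (TCP/2301).

Added example; not code from the Compaq advisory or from AusCERT.
It automates the advisory's Method 1 (a request to http://<host>:2301/)
across many hosts. Assumption: any HTTP status line on that port is
reported as "present"; the advisory only says the device home page is
served there, so confirm hits in a browser as Method 1 describes.
"""
import socket
from concurrent.futures import ThreadPoolExecutor
from http.server import BaseHTTPRequestHandler, HTTPServer
from threading import Thread

AGENT_PORT = 2301  # port named in the advisory: http://[IP_ADDRESS]:2301


def probe_web_agent(host, port=AGENT_PORT, timeout=3.0):
    """Send one HTTP/1.0 GET to host:port and describe what answered.

    Returns a dict: present (bool), status (int or None), server (the
    Server header, if any) and error (text for closed/unreachable
    ports). Failures are reported, not raised, so a sweep keeps going.
    """
    result = {"host": host, "port": port, "present": False,
              "status": None, "server": None, "error": None}
    request = ("GET / HTTP/1.0\r\nHost: %s\r\n\r\n" % host).encode("ascii")
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            sock.sendall(request)
            raw = b""
            while len(raw) < 4096 and b"\r\n\r\n" not in raw:
                chunk = sock.recv(1024)  # read only up to the end of headers
                if not chunk:
                    break
                raw += chunk
    except OSError as exc:
        result["error"] = str(exc)
        return result
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1", "replace")
    lines = head.split("\r\n")
    if not lines[0].startswith("HTTP/"):
        result["error"] = "non-HTTP reply"
        return result
    result["present"] = True
    parts = lines[0].split()
    if len(parts) > 1 and parts[1].isdigit():
        result["status"] = int(parts[1])
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            result["server"] = value.strip()
            break
    return result


def sweep(hosts, port=AGENT_PORT, timeout=3.0, workers=32):
    """Probe hosts concurrently; hosts with a listener are sorted first."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda h: probe_web_agent(h, port, timeout), hosts))
    return sorted(results, key=lambda r: (not r["present"], r["host"]))


class _MockDeviceHomePage(BaseHTTPRequestHandler):
    """Constructed stand-in so the script runs offline; NOT a Compaq agent."""

    def version_string(self):
        return "mock-device-home-page"  # constructed Server header value

    def do_GET(self):
        body = b"<html><title>Device Home Page (mock)</title></html>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo output to the sweep results


def start_mock_agent():
    """Serve the mock on 127.0.0.1 at a free port; return (server, port)."""
    server = HTTPServer(("127.0.0.1", 0), _MockDeviceHomePage)
    Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def unused_port():
    """A local port with no listener, to demonstrate the 'absent' case."""
    with socket.socket() as sock:
        sock.bind(("127.0.0.1", 0))
        return sock.getsockname()[1]


if __name__ == "__main__":
    server, port = start_mock_agent()
    for entry in sweep(["127.0.0.1"], port=port) + sweep(["127.0.0.1"], port=unused_port()):
        print(entry)
    server.shutdown()
```

Against real systems, call sweep() with your own address list and leave the port at its default of 2301; the mock exists only so the script shows both the "present" and "absent" cases without a real agent. A sweep finds listeners, not versions: it cannot tell a patched agent from an unpatched one, so check every hit against the affected-version list in the online advisory.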
If for any reason you cannot wait until the fix is released, Compaq
recommends that you temporarily disable the web component of Compaq
management software on any systems where you have particular concerns.
Follow the procedures outlined in the online advisory.
Refer to the online advisory at
http://www.compaq.com/products/servers/management/agentsecurity.html
COMPAQ AND/OR ITS RESPECTIVE SUPPLIERS MAKE NO REPRESENTATIONS ABOUT THE
SUITABILITY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED
GRAPHICS AND/OR SOFTWARE PUBLISHED ON THIS SERVER FOR ANY PURPOSE. ALL SUCH
DOCUMENTS AND RELATED GRAPHICS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY
KIND AND ARE SUBJECT TO CHANGE WITHOUT NOTICE. THE ENTIRE RISK ARISING OUT
OF THEIR USE REMAINS WITH THE RECIPIENT. IN NO EVENT SHALL COMPAQ AND/OR
SUPPLIERS BE LIABLE FOR ANY DIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL,
PUNITIVE OR OTHER DAMAGES WHATSOEVER (INCLUDING WITHOUT LIMITATION, DAMAGES
FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, OR LOSS OF BUSINESS
INFORMATION), EVEN IF COMPAQ HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
- --------------------------END INCLUDED TEXT--------------------
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to use any or all of this information is
the responsibility of each user or organisation, and should be made in
accordance with site policies and procedures.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Internet Email: email@example.com
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for emergencies.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----