-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
             AUSCERT External Security Bulletin Redistribution
                             
              ESB-2001.018 -- COMPAQ SSRT0705 Security Advisory
   Compaq web-enabled management software potential security vulnerability
                               16 January 2001

===========================================================================

	AusCERT Security Bulletin Summary
	---------------------------------

Product:                All web-enabled Compaq management software
Vendor:                 Compaq
Operating System:       Microsoft Windows 9x, NT and 2000, 
                        NetWare, 
                        SCO Open Server, SCO UnixWare 7, 
                        RedHat 6.2 and 7.0, 
                        Tru64Unix and OpenVMS
Platform:               Alpha 
                        Intel
Impact:                 Root Compromise,
                        Administrator Compromise

- --------------------------BEGIN INCLUDED TEXT--------------------

- --------------------------------------------------------------------------
Source: Compaq Computer Corporation
Title: Compaq web-enabled management software potential security vulnerability.
Reference: SSRT0705
Date: 10-Jan-2001
- --------------------------------------------------------------------------
Compaq web-enabled management software security vulnerability.  
Reference SSRT0705

The complete online document is available from
http://www.compaq.com/products/servers/management/agentsecurity.html
and should be checked as needed for new patch or release information.

Summary 
=======
Compaq continues to take a serious approach to the quality and security of
all its software products and makes every effort to address issues and
provide solutions in a timely manner. In line with this commitment, Compaq
is responding to recent concerns on a potential security vulnerability in
the web-enabled Compaq management software. This vulnerability has the
potential to enable unauthorized users to execute code at an administrator
level through the exploitation of a buffer overflow.

Scope of the problem 
====================
This Security Advisory applies to all web-enabled Compaq management
software. A list of affected software versions is included at the end of the
(online) Advisory. The web component of Compaq web-enabled management software
provides HTTP services to allow management information to be accessible
through a web browser. Web-enabled management software is provided for the
majority of the operating systems that Compaq supports on its Intel and
Alpha server and client systems. These operating systems include Microsoft
Windows 9x, NT and 2000, NetWare, SCO Open Server, SCO UnixWare 7, RedHat
6.2 and 7.0, Tru64Unix and OpenVMS. Web-enabled management software is also
supported for Compaq storage products. 

Unaffected Software Versions
============================
The web-enabled component of the Remote Insight Lights-out Edition board is
NOT affected. Also unaffected are the downloadable integration modules that
Compaq provides to enhance the management of Compaq platforms from within
enterprise management consoles such as CA Unicenter TNG, Tivoli Enterprise,
Tivoli NetView and HP OpenView.

What Compaq is doing 
====================
Compaq is currently completing the testing and release of fixes for the
affected software. In addition to releasing new versions of the software,
Compaq will also release software patches to update the web-enabled
component of the affected software for customers who do not want to upgrade
their systems to the latest version. 
         
What Customers Should Do 
========================
Determine which systems are running Compaq web-enabled agents or utilities.
There are three methods suggested. Note that the lists generated by Methods
2 and 3, while helpful, may not be exhaustive lists of the systems with web
agents and utilities on your network. The lists will include only those
systems that are being managed either explicitly or because they have been
discovered.

Method 1 
Point a web browser at the system and key in 
http://[IP_ADDRESS]:2301 or http://[machine_name]:2301. 
This will bring up the device home page for the server if it is running
web-enabled management software, and display a list of the components. 

Method 2 
If you are using Compaq Insight Manager XE, you can get a list of systems
running the web agents by defining a Query to return a list of systems with
web agents. Login to your Compaq Insight Manager XE system and create a new
Query. Select the "Devices with Web Agent" criteria. Further, select all of
the available products on the Criteria Configuration screen. Save the Query
and execute it. The list of devices will be all those with web agents. 

Method 3 
If you are using the Compaq Insight Manager Windows 32 console, you can get
a list of systems running the web agents by starting Compaq Insight Manager
and selecting the "Web Device List" button on the toolbar. This will display
a list of systems being managed by Compaq Insight Manager and additionally
will have underlined as hyperlinks the systems on which the web agents are
present and enabled. To print out a list of only the web devices select the
"Web Devices" hyperlink in the left column and only web devices will be
shown. Simply print this page from your browser.

If for any reason you cannot wait until the fix is released, Compaq
recommends that you temporarily disable the web component of Compaq
management software on any systems where you have particular concerns.
Follow the procedures outlined in the online advisory.

Refer to the online advisory at
( http://www.compaq.com/products/servers/management/agentsecurity.html )


COMPAQ AND/OR ITS RESPECTIVE SUPPLIERS MAKE NO REPRESENTATIONS ABOUT THE
SUITABILITY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED
GRAPHICS AND/OR SOFTWARE PUBLISHED ON THIS SERVER FOR ANY PURPOSE. ALL SUCH
DOCUMENTS AND RELATED GRAPHICS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY
KIND AND ARE SUBJECT TO CHANGE WITHOUT NOTICE. THE ENTIRE RISK ARISING OUT
OF THEIR USE REMAINS WITH THE RECIPIENT. IN NO EVENT SHALL COMPAQ AND/OR ITS
RESPECTIVE SUPPLIERS BE LIABLE FOR ANY DIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL,
PUNITIVE OR OTHER DAMAGES WHATSOEVER (INCLUDING WITHOUT LIMITATION, DAMAGES
FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, OR LOSS OF BUSINESS
INFORMATION), EVEN IF COMPAQ HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. 


- --------------------------END INCLUDED TEXT--------------------

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.  The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

	http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:	(07) 3365 7031
Telephone:	(07) 3365 4417 (International: +61 7 3365 4417)
		AusCERT personnel answer during Queensland business hours
		which are GMT+10:00 (AEST).
		On call after hours for emergencies.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key

iQCVAwUBOm/y0Ch9+71yA2DNAQEtjgP/c5A6oRRFlhj577uYbf/XqAgxn7wJY06m
HYWekPRwmg7IV98+drocWB8fk8A2U5hlC6vwsqCqQBLWjFhGviIyHle5dZaxE/TG
0RwDQRYvlxMtr7dMK8UEremhtQ/xEqNQ+5jS0Zfhxp4H3UViqqJQSIAYdHgMnSxd
7Zsy+ydPP/g=
=u4ck
-----END PGP SIGNATURE-----