===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2001.018
                    COMPAQ SSRT0705 Security Advisory
   Compaq web-enabled management software potential security vulnerability
                               16 January 2001

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:            All web-enabled Compaq management software
Vendor:             Compaq
Operating System:   Microsoft Windows 9x, NT and 2000, NetWare,
                    SCO Open Server, SCO UnixWare 7, RedHat 6.2 and 7.0,
                    Tru64Unix and OpenVMS
Platform:           Alpha
                    Intel
Impact:             Root Compromise, Administrator Compromise

--------------------------BEGIN INCLUDED TEXT--------------------

--------------------------------------------------------------------------
Source:     Compaq Computer Corporation
Title:      Compaq web-enabled management software potential security
            vulnerability.
Reference:  SSRT0705
Date:       10-Jan-2001
--------------------------------------------------------------------------

Compaq web-enabled management software security vulnerability.
Reference SSRT0705

The complete online document is available from
http://www.compaq.com/products/servers/management/agentsecurity.html
and should be checked as needed for new patch or release information.

Summary
=======

Compaq continues to take a serious approach to the quality and security of
all its software products and makes every effort to address issues and
provide solutions in a timely manner. In line with this commitment, Compaq
is responding to recent concerns about a potential security vulnerability
in the web-enabled Compaq management software. This vulnerability has the
potential to enable unauthorized users to execute code at an administrator
level through the exploitation of a buffer overflow.

Scope of the problem
====================

This Security Advisory applies to all web-enabled Compaq management
software. A list of affected software versions is included at the end of
the (online) Advisory.

The web component of Compaq web-enabled management software provides HTTP
services to allow management information to be accessible through a web
browser. Web-enabled management software is provided for the majority of
the operating systems that Compaq supports on its Intel and Alpha server
and client systems. These operating systems include Microsoft Windows 9x,
NT and 2000, NetWare, SCO Open Server, SCO UnixWare 7, RedHat 6.2 and 7.0,
Tru64Unix and OpenVMS. Web-enabled management software is also supported
for Compaq storage products.

Unaffected Software Versions
============================

The web-enabled component of the Remote Insight Lights-out Edition board is
NOT affected. Also unaffected are the downloadable integration modules that
Compaq provides to enhance the management of Compaq platforms from within
enterprise management consoles such as CA Unicenter TNG, Tivoli Enterprise,
Tivoli NetView and HP OpenView.

What Compaq is doing
====================

Compaq is currently completing the testing and release of fixes for the
affected software. In addition to releasing new versions of the software,
Compaq will also release software patches to update the web-enabled
component of the affected software for customers who do not want to upgrade
their systems to the latest version.

What Customers Should Do
========================

Determine which systems are running Compaq web-enabled agents or utilities.
Three methods are suggested. Note that the lists generated by Methods 2 and
3, while helpful, may not be exhaustive lists of the systems with web agents
and utilities on your network: they will include only those systems that
are being managed, either explicitly or because they have been discovered.

Method 1

Point a web browser at the system and key in http://[IP_ADDRESS]:2301 or
http://[machine_name]:2301. This will bring up the device home page for the
server if it is running web-enabled management software, and display a list
of the components.

Method 2

If you are using Compaq Insight Manager XE, you can get a list of systems
running the web agents by defining a Query to return a list of systems with
web agents. Log in to your Compaq Insight Manager XE system and create a
new Query. Select the "Devices with Web Agent" criteria. Further, select all
of the available products on the Criteria Configuration screen. Save the
Query and execute it. The list of devices will be all those with web agents.

Method 3

If you are using the Compaq Insight Manager Windows 32 console, you can get
a list of systems running the web agents by starting Compaq Insight Manager
and selecting the "Web Device List" button on the toolbar. This will display
a list of systems being managed by Compaq Insight Manager and additionally
will have underlined as hyperlinks the systems on which the web agents are
present and enabled. To print out a list of only the web devices, select the
"Web Devices" hyperlink in the left column and only web devices will be
shown. Simply print this page from your browser.

If for any reason you cannot wait until the fix is released, Compaq
recommends that you temporarily disable the web component of Compaq
management software on any systems where you have particular concerns.
Follow the procedures outlined in the online advisory at
http://www.compaq.com/products/servers/management/agentsecurity.html

COMPAQ AND/OR ITS RESPECTIVE SUPPLIERS MAKE NO REPRESENTATIONS ABOUT THE
SUITABILITY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED
GRAPHICS AND/OR SOFTWARE PUBLISHED ON THIS SERVER FOR ANY PURPOSE. ALL SUCH
DOCUMENTS AND RELATED GRAPHICS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY
KIND AND ARE SUBJECT TO CHANGE WITHOUT NOTICE. THE ENTIRE RISK ARISING OUT
OF THEIR USE REMAINS WITH THE RECIPIENT. IN NO EVENT SHALL COMPAQ AND/OR ITS
RESPECTIVE SUPPLIERS BE LIABLE FOR ANY DIRECT, CONSEQUENTIAL, INCIDENTAL,
SPECIAL, PUNITIVE OR OTHER DAMAGES WHATSOEVER (INCLUDING WITHOUT LIMITATION,
DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, OR LOSS OF
BUSINESS INFORMATION), EVEN IF COMPAQ HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.

--------------------------END INCLUDED TEXT--------------------

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to use any or all of this information is the
responsibility of each user or organisation, and should be made in
accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at a
later date, it is recommended that the bulletin is retrieved directly from
the original authors to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST). On call after hours for
                emergencies.
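The host check in Method 1 under "What Customers Should Do" above, turned into an inventory pass over a list of your own managed systems: each host is asked for its device home page on TCP/2301 and classified by whether an HTTP reply comes back. This is an added example, not code from the AusCERT bulletin or from Compaq; the function names, the injectable probe and the sample replies are assumptions constructed for illustration.

```python
"""Automate the advisory's Method 1: does a host answer HTTP on TCP/2301,
the port the Compaq web-enabled management agents serve their device home
page on?  Added example, not part of the bulletin; names and sample data
are constructed."""
import socket
from typing import Callable, Dict, Iterable, Optional

WEB_AGENT_PORT = 2301  # port named in the advisory


def classify_response(raw: Optional[bytes]) -> str:
    """Interpret the first bytes a host returned on the agent port.
    "web-agent": an HTTP status line came back, so a device home page is
    being served and the host needs the fix or its web component disabled.
    "other": something answered but it is not HTTP.
    "no-service": the connection failed or nothing came back."""
    if not raw:
        return "no-service"
    status_line = raw.split(b"\r\n", 1)[0]
    return "web-agent" if status_line.startswith(b"HTTP/") else "other"


def probe_http(host: str, port: int = WEB_AGENT_PORT,
               timeout: float = 2.0) -> Optional[bytes]:
    """Request the device home page as a browser would and return the start
    of the reply, or None when the port is closed or unreachable."""
    request = f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            return sock.recv(1024)
    except OSError:
        return None


def inventory(hosts: Iterable[str],
              probe: Callable[[str], Optional[bytes]] = probe_http) -> Dict[str, str]:
    """Classify every host in the list.  `probe` is injectable so the logic
    can be exercised offline against the constructed replies below."""
    return {host: classify_response(probe(host)) for host in hosts}


# Constructed stand-ins for live replies (documentation addresses, not real hosts).
SAMPLE_REPLIES = {
    "192.0.2.10": b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n<html>Device Home Page</html>",
    "192.0.2.11": None,                           # port closed, nothing listening
    "192.0.2.12": b"220 some other service\r\n",  # answers, but not HTTP
}

if __name__ == "__main__":
    for host, status in inventory(SAMPLE_REPLIES, SAMPLE_REPLIES.get).items():
        print(f"{host}: {status}")
```

Replace the sample dictionary with your real host list and the default `probe_http` to run it against the network; hosts reported as "web-agent" are the ones to patch or to have the web component disabled as the advisory recommends.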