2070 : Compaq Insight Agent SSL overflow
Printer | http://osvdb.org/2070 | Email This | Edit Vulnerability

Views This Week

Views All Time

155

Info

Last Modified

11 months ago

Percent Complete

70%

Disclosure

Jul 30, 2002

Discovery

Jul 30, 2002

Dates

Exploit

Unknown

Solution

Unknown

Description

The Compaq Insight Management Agents use a vulnerable version of OpenSSL, which contains many remotely-exploitable buffer overflows. The vendor lists the affected products and versions as "Insight Management Agents for Windows version 5.3 - 5.5, Insight Manager 7, Version Control Agents, Version Control Repository Manager, Array Configuration Utility, HP Survey Utility for Windows, and Intelligent Cluster Administrator." Insight Management Agents for non-Windows platforms are listed as non-vulnerable.

Classification

Attack Type: Input Manipulation

Technical

Agents listen on TCP ports 2381 and 2301. Vulnerable agents are built on OpenSSL version 0.9.6b. Updated agents use OpenSSL version 0.9.6g.

Solution

Compaq has released various patches for the vulnerable software components.

Products

Hewlett-Packard Development Company, L.P.	Array Configuration Utility	Unknown or Unspecified
	Insight Management Agents	5.3
		5.4
		5.5
	Insight Manager	7
	Intelligent Cluster Administrator	Unknown or Unspecified
	Survey Utility	Unknown or Unspecified
	Version Control Agents	Unknown or Unspecified
	Version Control Repository Manager	Unknown or Unspecified

References

Related OSVDB ID: 1958 787
CERT: CA-2002-23
Keyword: CIM web SSL

Manual Testing Notes

Determine which systems are running HP web-enabled agents or utilities. There are three methods suggested. (Provided by Compaq)

Method 1
Environments running Insight Manager 7, can get a list of systems running the web-enabled agents by defining a Query to return a list of systems with web agents.
Login to your Insight Manager 7 system and create a new Query. Select the "Devices with Web Agent" criteria.
- Select all of the available products on the Criteria Configuration screen.
- Save the Query and execute it. The list of devices will be all those with web agents. You may wish to use this query with the Reports feature of Insight Manager 7 (available in SP1 and greater) to get printouts of the devices and the software loaded. (Insight Manager XE users may follow a similar procedure up to but not including the reports.)
NOTE: Prior to running through this procedure, you may want to perform a new discovery and data collection.
If you first make sure that the discovery range covers all of the subnets visible to the Insight Manager 7 system, you will get a potentially more comprehensive report.

Method 2
Systems running HP Insight Manager Windows 32 console, can get a list of systems running the web agents by starting HP Insight Manager and selecting the "Web Device List" button on the toolbar. This will display a list of systems being managed by HP Insight Manager and additionally will have underlined as hyperlinks the systems on which the web agents are present and enabled. To print out a list of only the web devices, select the "Web Devices" hyperlink in the left column and only web devices will be shown. Print this page from your browser.
NOTE: The lists generated by Methods 1 and 2, while helpful, may not be exhaustive lists of the systems with web-enabled agents and utilities. The lists will include only those systems that are being managed either explicitly or because they have been discovered.

Method 3
Point a web browser to the system by keying in
http://[IP_ADDRESS]:2301 or http://[machine_name]:2301.
- This will bring up the device home page for any servers running web-enabled management software. This procedure identifies the presence of the software on 1 system and assumes that you already know the device name or IP address of every device and use this procedure to visit them.

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Technical

Solution

Products

Hewlett-Packard Development Company, L.P.

Array Configuration Utility

Insight Management Agents

Insight Manager

Intelligent Cluster Administrator

Survey Utility

Version Control Agents

Version Control Repository Manager

References

Manual Testing Notes

Credit

Blogs

Comments