Info

Disclosure

Jul 30, 2002

Discovery

Jul 30, 2002

Dates

Exploit

Unknown

Solution

Unknown

Description

The Compaq Insight Management Agents use a vulnerable version of OpenSSL, which contains many remotely-exploitable buffer overflows. The vendor lists the affected products and versions as "Insight Management Agents for Windows version 5.3 - 5.5, Insight Manager 7, Version Control Agents, Version Control Repository Manager, Array Configuration Utility, HP Survey Utility for Windows, and Intelligent Cluster Administrator." Insight Management Agents for non-Windows platforms are listed as non-vulnerable.

Classification

Attack Type: Input Manipulation

Solution

Compaq has released various patches for the vulnerable software components.

Products

Hewlett-Packard Development Company, L.P.	Array Configuration Utility	Unknown or Unspecified
	Insight Management Agents	5.3
		5.4
		5.5
	Insight Manager	7
	Intelligent Cluster Administrator	Unknown or Unspecified
	Survey Utility	Unknown or Unspecified
	Version Control Agents	Unknown or Unspecified
	Version Control Repository Manager	Unknown or Unspecified

References

Related OSVDB ID: 1958 787
CERT: CA-2002-23
Keyword: CIM web SSL

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Hewlett-Packard Development Company, L.P.

Array Configuration Utility

Insight Management Agents

Insight Manager

Intelligent Cluster Administrator

Survey Utility

Version Control Agents

Version Control Repository Manager

References

Credit