Vulnerability Note VU#275979

Compaq web-enabled management software buffer overflow vulnerability

Affected Compaq products include those running Microsoft Windows 9x, Windows NT, Windows 2000, NetWare, SCO Open Server, SCO UnixWare 7, RedHat 6.2, RedHat 7.0, Tru64Unix, and OpenVMS. Web-enabled management software is also supported for Compaq storage products.

Compaq has produced a security advisory describing this problem at

http://www.compaq.com/products/servers/management/SSRT0758.html

Apply a patch from your vendor. Information about patches to correct this problem is available in the Compaq security advisory. The patches described in Compaq security advisory SSRT0758 correct this vulnerability and those decribed in VU#137024 and VU#991240.
Disable the Web-Enabled Management Software

You can prevent this vulnerability from being exploited by disabling the web-enabled management software.

Block Ports 2301 and 280 at Your Perimeter

Port 2301 (the device management port) is the port used to access the vulnerable code. Blocking access to this port from untrusted sources may reduce the risk of exploitation. You may also wish to block port 280 (the Compaq Insight Manager XE port).

Systems Affected

http://www.kb.cert.org/vuls/id/991240
http://www.kb.cert.org/vuls/id/137024
http://www.compaq.com/products/servers/management/SSRT0758.html
http://www.compaq.com/products/servers/management/mgtsw-advisory.html
http://www.compaq.com/products/servers/management/mgtsw-advisory2.html
http://www.securityfocus.com/bid/3376

Credit

The CERT/CC thanks Compaq for their advisory on this topic.

This document was written by Cory F. Cohen.

Other Information

If you have feedback, comments, or additional information about this vulnerability, please send us email.