Vulnerability Note VU#137024
Compaq web-enabled management software contains buffer overflow in authentication username
The Compaq web-enabled management software contains a buffer overflow in the authentication component of the product. Remote intruders may be able to execute arbitrary code with privileges on affected systems. Many Compaq products are affected, from personal computers to commercial UNIX operating systems.
The Compaq web-enabled management software allows system management information to be accessed through a web interface. This web interface is secured by an login dialog accessible on port 2301 of the system running the vulnerable software. The authentication code has a buffer overflow in the username field, allowing a remote intruder to execute arbitrary code with the privileges of the Compaq web-enabled management software. This often includes elevated privileges (e.g., root or Administrator).
Affected Compaq products include those running Microsoft Windows 9x, Windows NT, Windows 2000, NetWare, SCO Open Server, SCO UnixWare 7, RedHat 6.2, RedHat 7.0, Tru64Unix, and OpenVMS. Web-enabled management software is also supported for Compaq storage products.
A remote intruder may be able to execute arbitrary code with privileges on systems running the vulnerable software.
Apply a Patch
Disable the Web-Enabled Management Software
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Compaq Computer Corporation||Affected||11 Jan 2001||06 Apr 2001|
CVSS Metrics (Learn More)
This document was written by Cory F. Cohen.
- CVE IDs: CAN-2001-0134
- Date Public: 16 Jan 2001
- Date First Published: 06 Apr 2001
- Date Last Updated: 30 Aug 2001
- Severity Metric: 38.96
- Document Revision: 12
If you have feedback, comments, or additional information about this vulnerability, please send us email.