search menu icon-carat-right cmu-wordmark

CERT Coordination Center


Compaq web-enabled management software acts as generic proxy

Vulnerability Note VU#991240

Original Release Date: 2001-04-06 | Last Revised: 2001-08-30

Overview

Remote attackers may be able to relay connections through systems running the Compaq web-enabled management software. Attackers relaying connection in this way may be able to access restricted portions of the network or disguise their identity while attacking other systems. Many Compaq products are affected, from personal computers to commercial UNIX operating systems.

Description

The Compaq web-enabled management software allows system management information to be accessed through a web interface. As an unintended side effect, remote attackers may be able to relay connections through systems running the vulnerable software. This is attractive to intruders because they may use this feature to hide their identity (disguised as the system running the web-enabled management software) while attacking other systems. If the vulnerable system has access to more than one network, the attacker may also be able to bypass normal firewall restrictions or access restricted networks.

Affected Compaq products include those running Microsoft Windows 9x, Windows NT, Windows 2000, NetWare, SCO Open Server, SCO UnixWare 7, RedHat 6.2, RedHat 7.0, Tru64Unix, and OpenVMS. Web-enabled management software is also supported for Compaq storage products.

Compaq has produced a security advisory describing this problem at

Impact

A remote intruder may be able to relay TCP connections through systems running the vulnerable software.

Solution

Apply a Patch

Apply a patch from your vendor. Information about patches to correct this problem is available in the Compaq security advisory. The patches in the advisory also address the more serious problems described in Compaq security advisory SSRT0705 and VU#137024.

Disable the Web-Enabled Management Software


You can prevent this vulnerability from being exploited by disabling the web-enabled management software.

Block Ports 2301 and 280 at Your Perimeter

Port 2301 (the device management port) is the port used to access the vulnerable code. Blocking access to this port from untrusted sources may reduce the risk of exploitation. You may also wish to block port 280 (the Compaq Insight Manager XE port).

Vendor Information

991240
Expand all

Compaq Computer Corporation

Updated:  April 06, 2001

Status

  Vulnerable

Vendor Statement

Compaq has published a security advisory about this issue:

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

This document was written by Cory F. Cohen.

Other Information

CVE IDs: None
Severity Metric: 9.81
Date Public: 2001-03-22
Date First Published: 2001-04-06
Date Last Updated: 2001-08-30 16:25 UTC
Document Revision: 7

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.