Compaq Management Agents and Compaq Survey Utility Arbitrary File Read Vulnerability

Vulnerability ID: 1105458
Vulnerability type: Unknown
Published: 1999-05-25
Updated: 2005-05-02
CVE ID: CVE-1999-0771
CNNVD-ID: CNNVD-199905-046
Platform: Multiple
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/19225
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199905-046
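|Vulnerability details
A vulnerability exists in the network component of Compaq Management Agents and Compaq Survey Utility. A remote attacker can read arbitrary files via a .. (dot dot) attack.
|Exploit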
source: http://www.securityfocus.com/bid/282/info

A vulnerability in the Compaq Management Agents and the Compaq Survey Utility when running as an agent allows remote malicious users to steal local files. All Compaq Server and Client Management Agents version 4.0 or later are vulnerable. All Compaq Survey Utility versions 2.0 or later are vulnerable.

Compaq's Insight Manager is a comprehensive management tool to monitor and control the operation of Compaq servers and clients and DIGITAL X86 and Alpha-based servers. One of its features is web access to its device and configuration information via a built-in web server in the agents. Insight Manager is available for several platforms including Windows NT and Netware.

The web server in the agents fails to check whether requested files fall outside its document tree (by using ".." in the URL). Thus attackers can retrieve files on the same drive as the one on which the software resides, provided they know or can obtain the filename.

The web server listens on port 2301. By default, the only user accounts available in the agents are: account "anonymous", username "anonymous", no password; account "user", username "user", password "public"; and account "administrator", username "administrator", password "administrator". You log in via the URL http://www.example.com:2301/cpqlogin.htm.

Once an attacker has access to one such machine, they can locate other machines using Compaq's HTTP Auto-Discovery Device List at the URL http://www.example.com/cpqdev.htm.

The web agent service also appears to be vulnerable to a denial of service. When sent a request over 223 bytes long ("AAAA..."), the service will fail with an access violation.

http://vulnerable-NT.com:2301/../../../winnt/repair/sam._
http://vulnerable-Netware.com:2301/../../../system/ldremote.ncf
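
The containment check that the agents' web server omits, shown beside the flawed behaviour. This is an added example, not code from the advisory or from Compaq; `DOCROOT`, `naive_resolve` and `safe_resolve` are hypothetical names, and paths are handled as POSIX-style strings for illustration (no symlink resolution).

```python
import posixpath
from urllib.parse import unquote, urlsplit

DOCROOT = "/compaq/wbem"  # hypothetical document tree, not a path from the advisory


def naive_resolve(docroot, url):
    """Flawed behaviour: the URL path is appended without a containment check."""
    return posixpath.normpath(docroot + urlsplit(url).path)


def safe_resolve(docroot, url):
    """Return the path inside docroot, or None when the request escapes it."""
    path = unquote(urlsplit(url).path)   # decode %2e%2e before any checking
    path = path.replace("\\", "/")       # NT treats backslash as a separator too
    if "\x00" in path:
        return None
    root = posixpath.normpath(docroot)
    candidate = posixpath.normpath(posixpath.join(root, path.lstrip("/")))
    prefix = root.rstrip("/") + "/"
    # Containment: the normalized result must be the root or lie beneath it.
    if candidate != root and not candidate.startswith(prefix):
        return None
    return candidate


# Request URLs as written in the advisory, plus constructed variants.
SAMPLES = [
    "http://www.example.com:2301/cpqlogin.htm",
    "http://vulnerable-NT.com:2301/../../../winnt/repair/sam._",
    "http://vulnerable-Netware.com:2301/../../../system/ldremote.ncf",
    "/%2e%2e/%2e%2e/%2e%2e/winnt/repair/sam._",   # constructed: encoded dots
    "/..\\..\\..\\winnt\\repair\\sam._",          # constructed: backslashes
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url!r}: naive={naive_resolve(DOCROOT, url)!r} "
              f"safe={safe_resolve(DOCROOT, url)!r}")
```

Decoding and separator normalization happen before the check, so the encoded and backslash variants are rejected along with the literal ".." requests.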
|References
Vulnerable software and versions (Configuration 1, OR; * denotes vulnerable software):
* cpe:/a:compaq:insight_management_agent
* cpe:/a:compaq:power_management:2.0
CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0771
