Published: 2001-03-12 00:00:00
Last revised: 2016-10-17 22:09:49

[Original] Buffer overflow in cpqlogin.htm in web-enabled agents for various Compaq management software products such as Insight Manager and Management Agents allows remote attackers to execute arbitrary commands via a long user name.

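[CNNVD] Compaq Web Admin Buffer Overflow Vulnerability (CNNVD-200103-064)

        The web-enabled agent page cpqlogin.htm in various Compaq management software products, such as Insight Manager and Management Agents, contains a buffer overflow vulnerability. Remote attackers can execute arbitrary commands via an overly long user name.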

- CVSS (Base Score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:compaq:foundation_agents:1.0  Compaq Compaq Foundation Agents 1.0
cpe:/a:compaq:foundation_agents:4.0  Compaq Compaq Foundation Agents 4.0
cpe:/a:compaq:foundation_agents:2.1  Compaq Compaq Foundation Agents 2.1
cpe:/a:compaq:enterprise_volume_manager-command_scripter:1.1  Compaq Enterprise Volume Manager_Command Scripter 1.1
cpe:/a:compaq:open_san_manager:1.0  Compaq Open SAN Manager 1.0
cpe:/a:compaq:enterprise_volume_manager-command_scripter:1.0  Compaq Enterprise Volume Manager_Command Scripter 1.0
cpe:/a:compaq:survey_utility:2.18  Compaq Survey Utility 2.18
cpe:/a:compaq:survey_utility:2.17  Compaq Survey Utility 2.17
cpe:/a:compaq:intelligent_cluster_administrator:1.0  Compaq Intelligent Cluster Administrator 1.0
cpe:/a:compaq:system_healthcheck:3.0  Compaq System Healthcheck 3.0
cpe:/a:compaq:sanworks_resource_monitor:1.0  Compaq SANWorks Resource Monitor 1.0
cpe:/a:compaq:foundation_agents:4.90  Compaq Compaq Foundation Agents 4.90
cpe:/a:compaq:intelligent_cluster_administrator:2.1  Compaq Intelligent Cluster Administrator 2.1
cpe:/a:compaq:insight_manager_xe:1.21  Compaq Insight Manager XE 1.21
cpe:/a:compaq:storage_allocation_reporter:1.0  Compaq Storage Allocation Reporter 1.0
cpe:/a:compaq:armada_insight_manager:4.20j  Compaq Armada Insight Manager 4.20j
cpe:/a:compaq:insight_manager_xe:1.0  Compaq Insight Manager XE 1.0
cpe:/a:compaq:survey_utility:2.33  Compaq Survey Utility 2.33
cpe:/a:compaq:armada_insight_manager:4.20  Compaq Armada Insight Manager 4.20
cpe:/a:compaq:insight_management_desktop_web_agent:3.7  Compaq Insight Management Desktop Web Agents 3.7
cpe:/a:compaq:insight_manager_lc:1.50a  Compaq Insight Manager LC 1.50A
cpe:/a:compaq:insight_management_agent:4.37e  Compaq Management Agents 4.37E

- OVAL (Technical Details for Detection)


- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other Links and Resources
(UNKNOWN)  BUGTRAQ  20010116 iXsecurity.20001120.compaq-authbo.a

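- Vulnerability Information

Compaq Web Admin Buffer Overflow Vulnerability
Critical  Buffer Overflow
2001-03-12 00:00:00 2005-10-20 00:00:00
        The web-enabled agent page cpqlogin.htm in various Compaq management software products, such as Insight Manager and Management Agents, contains a buffer overflow vulnerability. Remote attackers can execute arbitrary commands via an overly long user name.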

- Advisories and Patches

        Affected users are advised to upgrade to the latest patches provided by the vendor at:

- Vulnerability Information

Multiple Compaq Management Software cpqlogin.htm Remote Overflow
Remote / Network Access Input Manipulation
Loss of Integrity

- Vulnerability Description

Unknown or Incomplete

- Timeline

2001-01-12 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Compaq Web Admin Buffer Overflow Vulnerability
Input Validation Error 2200
No Yes
2001-01-11 12:00:00 2009-07-11 04:46:00
Reported by iXsecurity <> on Tue, Jan 16, 2001

- Affected Software Versions

Digital (Compaq) TRU64/DIGITAL UNIX 5.0
Digital (Compaq) TRU64/DIGITAL UNIX 4.0 g
Digital (Compaq) TRU64/DIGITAL UNIX 4.0 f
Compaq System Healthcheck 3.0
Compaq Survey Utility 2.33
Compaq Survey Utility 2.18
Compaq Survey Utility 2.17
Compaq Storage Allocation Reporter 1.0
Compaq SANWorks Resource Monitor 1.0
Compaq Open SAN Manager 1.0
Compaq Management Agents 4.37 E
Compaq Management Agents 4.36 j
Compaq Management Agents 4.36 E
Compaq Management Agents 4.35 j
Compaq Management Agents 4.30 j
Compaq Intelligent Cluster Administrator 2.1
Compaq Intelligent Cluster Administrator 1.0
Compaq Insight Manager XE 1.21
Compaq Insight Manager XE 1.0
Compaq Insight Manager LC 1.50 A
Compaq Insight Manager LC 1.3 c
Compaq Insight Management Desktop Web Agents 3.7
Compaq Enterprise Volume Manager/Command Scripter 1.1
Compaq Enterprise Volume Manager/Command Scripter 1.0
Compaq Compaq Foundation Agents 4.90
Compaq Compaq Foundation Agents 4.0
Compaq Compaq Foundation Agents 2.1
Compaq Compaq Foundation Agents 1.0
Compaq Armada Insight Manager 4.20 j
Compaq Armada Insight Manager 4.20

- Vulnerability Discussion

A vulnerability has been reported in the web-based administration component common to a number of Compaq software products.

The administration tool is vulnerable to buffer overflow attack techniques employing maliciously-formed user-supplied input. Properly exploited, this vulnerability can allow a remote attacker to execute arbitrary code on the affected system, with the privilege level of the system administrator.

The advisory did not provide further information about this vulnerability.

The following was excerpted from notification by <>:

Affected Technologies:
Compaq Foundation Agents 4.0-4.90, 1.0-2.1
Digital Unix (Tru64) 4.0F and later
Insight Manager XE 1.0-2.1, LC 1.03c, 1.50A
Survey Utility 2.17-2.33
Intelligent Cluster Admin 1.0-2.1
System Healthcheck 3.0.0
Enterprise Volume Manager/Command Scripter 1.1 and 1.0
Insight Management Desktop Web Agents 3.70
Armada Insight Mgr 4.20-4.20J
Management Agents 4.30-4.35, 4.36-4.37E, 4.36E
Open SAN Manager 1.0
SANWorks Resource Monitor 1.0
Storage Allocation Reporter 1.0

- Exploit

Currently the SecurityFocus staff are not aware of any publicly available exploits for this vulnerability. If you feel we are in error or are aware of more recent information, please mail us at:

- Solution

Affected users are advised to upgrade to the latest patches provided by the vendor at:

- Related References