Message-ID: <443BD73A.7010608@src.telindus.com>
Date: Tue, 11 Apr 2006 18:20:10 +0200
From: SRC Telindus <research@....telindus.com>
To: bugtraq@...urityfocus.com, full-disclosure@...t.grok.org.uk
Subject: [SRC-Telindus advisory] - HP System Management Homepage Remote Unauthorized
 Access


HP System Management Homepage Remote Unauthorized Access
--------------------------------------------------------

[Vulnerability]: Remote Authentication Bypass
[Product]:  CompaqHTTPServer/9.9 HP System Management Homepage 2.1.3.132
and above
[Platform]: Microsoft® Windows® - Linux operating systems (IA32 and
Itanium Processor Family) - Tru64 UNIX v5.1A  and above (according to HP)
[Reference(s)]: http://src.telindus.com/articles/hpsm_vulnerability.html
[Date]: Feb 20 2006
[Date of report to vendor]:  Dec 12 2005

--------------------------------------------------------

[Vulnerability summary]: The HP System Management Homepage is a
web-based interface that consolidates and simplifies the management of
individual ProLiant and Integrity servers running Microsoft Windows or
Linux operating systems. By aggregating data from HP Insight Management
Agents and other management tools, the System Management Homepage
provides a secure and intuitive interface to review in-depth hardware
configuration and status data, performance metrics, system thresholds
and software version control information. The System Management Homepage
can also be used to access the HP Lights-Out Management processor on
ProLiant and Integrity servers. 
(http://h18004.www1.hp.com/products/servers/management/agents/).
Access to HP System Management Homepage requires submitting credentials;
with the trust mode set to "Trust All", this authentication can be
bypassed by sending a crafted URL. A potential attacker can therefore
manage a vulnerable host (modification of hardware configuration, of
tasks, of allowed IP range, shutdown, etc., and many further actions
from there, such as attacks on the surrounding network).

[Vulnerability impact]: Remote administration through the web management
interface (modification of hardware configuration, of tasks, of allowed
IP range, shutdown, etc., and many further actions from there, such as
attacks on the surrounding network)

----------------------------------------------------------------------

[Vendor fix]:  None

[Vendor response]: [..] Set the Trust level to "Trust by Certificates". 
This way only SIM servers with the appropriate level of access can do 
any access with STE or SSO.  This will not prevent an administrator from 
logging into the SMH either remotely or locally. The SMH and SIM 
documentation have more information on Trust Levels. The SMH Security 
setup selection for trusts indicates that the only recommended and truly 
secure trust level is by certificates.
http://www.hp.com/wwsolutions/misc/hpsim-helpfiles/mxhelp/mxportal/en/admin_security_about_secureTaskExecution.html#N1004B 

(STE definition)

----------------------------------------------------------------------

[Reported by]: TELINDUS SRC (Grégoire DE BACKER)

