lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <47B0FEFB.3030309@ioactive.com>
Date: Mon, 11 Feb 2008 18:05:47 -0800
From: IOActive Advisories <advisory@...ctive.com>
To: bugtraq@...urityfocus.com
Subject: IOActive Security Advisory: Multiple Remote SiteScope Vulnerabilities

IOActive Security Advisory

Title:		Multiple Remote Vulnerabilities in Mercury SiteScope
Severity:	Critical

Date Discovered:	10.05.2006
Date Reported:		05.21.2007
Date Disclosed:		09.20.2007

Affected Products:
	Mercury SiteScope - All Versions

Synopsis:
	IOActive has discovered multiple critical vulnerabilities within the
Mercury SiteScope server monitoring software, some of which 	allow for
complete remote compromise of the entire monitored network, as well as
arbitrary code execution on all servers managed by the SiteScope
software. It is stressed that, by design, the compromise of a single
SiteScope node, or the server side, allows for the compromise of every
server on the network with the SiteScope agent active.

	IOActive is coordinating with the owners of this product, Hewlett
Packard, in order to expediently provide remediation patches for all
effected versions of the system. As such, technical details will not be
released with this advisory.

Description:
	Pending patch release.

Technical Details:
	Pending patch release.

Remediation:
	A full patch for the vulnerabilities discovered by IOActive is
currently in development by Hewlett Packard.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ