| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Feb 2008 18:05:47 -0800 From: IOActive Advisories <advisory@...ctive.com> To: bugtraq@...urityfocus.com Subject: IOActive Security Advisory: Multiple Remote SiteScope Vulnerabilities IOActive Security Advisory Title: Multiple Remote Vulnerabilities in Mercury SiteScope Severity: Critical Date Discovered: 10.05.2006 Date Reported: 05.21.2007 Date Disclosed: 09.20.2007 Affected Products: Mercury SiteScope - All Versions Synopsis: IOActive has discovered multiple critical vulnerabilities within the Mercury SiteScope server monitoring software, some of which allow for complete remote compromise of the entire monitored network, as well as arbitrary code execution on all servers managed by the SiteScope software. It is stressed that, by design, the compromise of a single SiteScope node, or the server side, allows for the compromise of every server on the network with the SiteScope agent active. IOActive is coordinating with the owners of this product, Hewlett Packard, in order to expediently provide remediation patches for all effected versions of the system. As such, technical details will not be released with this advisory. Description: Pending patch release. Technical Details: Pending patch release. Remediation: A full patch for the vulnerabilities discovered by IOActive is currently in development by Hewlett Packard.
Powered by blists - more mailing lists