[Snort-sigs] Compaq Insight Management Agent

Rich Adamson radamson at ...908...
Wed Aug 6 08:25:02 EDT 2003


Over the years it seems as though Compaq's Insight Mgmt has had several 
vulnerabilities (and open ports that typically aren't well published).
Is anyone working on snort rules to detect this stuff?

Rich


> TITLE:
> Compaq Insight Management Agent Format String Vulnerability
> 
> READ ONLINE:
> http://www.secunia.com/advisories/9453/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> DoS, System access
> 
> WHERE:
> From local network
> 
> SOFTWARE:
> Compaq Insight Management Agent 5.x
> 
> DESCRIPTION:
> A vulnerability has been reported in Compaq Insight Management Agent,
> which may possibly allow malicious people to execute arbitrary code.
> 
> The problem is that the Compaq Insight Management Agent doesn't
> handle long requests containing format specifiers.
> 
> Example:
> "GET
> /<\x21.DebugSearchPaths>?Url=a_long_string_with_malicious_characters".
> 
> This has been reported to affect version 5.00H and possibly earlier
> versions.
> 
> SOLUTION:
> Restrict access to the service so that only management systems can
> connect.
> 






More information about the Snort-sigs mailing list