
@RISK: The Consensus Security Vulnerability Alert

Volume: IV, Issue: 33
August 19, 2005

Many smaller organizations relied on Novell for security through obscurity (STO) - hoping no one would find the flaws. Now the millions of users of Novell eDirectory iMonitor have learned that STO doesn't work for ever. The risk from this programming error is an enterprise-wide compromise and loss of all unencrypted data. (#1)

Also, a critical vulnerability was discovered in another back-up product - EMC Legato and Sun StorEdge that uses Legato. The full contents of your back ups are at risk. (#2)

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Windows: 0 (#3)
    • Third Party Windows Apps: 3
    • Mac Os: 1 (#4)
    • HP-UX: 2
    • Novell: 1
    • Cross Platform: 3 (#1, #2, #6, #7)
    • Web Application: 24 (#5)
    • Network Device: 3

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Mac Os
HP-UX
Novell
Cross Platform
Web Application
Network Device

PART I Critical Vulnerabilities

Part I is compiled by Rohit Dhamankar (rohitd_at_tippingpoint.com) at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (3) HIGH: Internet Explorer MSDDS.DLL Remote Code Execution
  • Affected:
    • Internet Explorer 6.0 and potentially all prior versions
    • MSDDS.DLL versions prior to 7.10.x
  • Description: Internet Explorer contains a heap memory corruption flaw while loading "msdds.dll" as an ActiveX object. This vulnerability is similar to the earlier reported ones involving many DLLs for which patches MS05-037 and MS05-038 were issued. A malicious webpage can exploit the flaw to execute arbitrary code on a client system with the privileges of the logged-on user. The vulnerable DLL is not installed by default on all Windows systems; SANS has identified a list of software that can potentially install this DLL - Visual Studio .NET 2002/2003, Microsoft Office, Project, Access and Visio. Note that even if MSDDS.DLL is not installed on a user's machine, an attacker can force its download via the "codebase" attribute while instantiating the ActiveX object. However, the download would require user interaction. Exploit code has been publicly posted.

  • Status: Microsoft has issued an advisory with various workarounds. One way to resolve the issue is to set the kill bit for MSDDS.DLL. The CLSID of this DLL is EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F. Instructions for setting the kill bit for an ActiveX control are available at: http://support.microsoft.com/kb/q240797/ . Alternatively, download the kill bit utility provided by Intelguardians at http://isc.sans.org/msddskillbit.php.

  • Council Site Actions: All reporting council sites are waiting for official word and a patch from Microsoft. One site will consider setting the kill bit if a fix is not in the August patch bundle or if this starts being exploited on a wide-scale basis.

  • (4) HIGH: Apple Cumulative Security Update 2005-007
  • Affected:
    • Mac OS X Server version 10.3.9
    • Mac OS X Client version 10.3.9
  • Description: Apple released a cumulative security update for Mac OS that fixes over 33 vulnerabilities. The important vulnerabilities fixed include buffer overflows in the Directory Service, processing rich text/Microsoft Word file formats, Kerberos service, MySQL, OpenSSL, servermgrd, X11 and zlib. The update also fixes vulnerabilities in Safari browser that can lead to execution of arbitrary code on users' systems. The discoverers have not posted the technical details about many of the flaws.

  • Status: Apply the Apple Cumulative Update (version 1.1) to both server and client systems. Version 1.0 of this update breaks 64-bit applications.

  • Council Site Actions: One site has already scheduled the push of the update and another site is currently testing Update 2005-007 version 1.1 which fixes the 64-bit code break problem.

  • (6) MODERATE: Adobe Acrobat and Adobe Reader Buffer Overflow
  • Affected:
    • Adobe Reader versions 5.1, 6.0-6.0.3, 7.0-7.0.2
    • Adobe Acrobat versions 5.0-5.0.5, 6.0-6.0.3, 7.0-7.0.2
  • Description: Adobe Acrobat and Reader contain a buffer overflow in one of the default plug-ins. A malicious PDF file may exploit the overflow to execute arbitrary code on a user's system. The flaw may be exploited without any user interaction as browsers like Internet Explorer, Mozilla and Firefox can open PDF documents automatically. No technical details that could lead to exploit code development have been posted yet.

  • Status: Adobe found the flaw and has released updates. Adobe offers an automatic update facility for certain versions which should be enabled.

  • Council Site Actions: One site is currently in the process of updating their systems. Two other sites will address it during their next regularly scheduled system update process.
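
The kill-bit workaround in the Status entry of item (3) above, as an added example that is not part of the original bulletin or of Microsoft's advisory: a PowerShell script that audits the MSDDS.DLL CLSID and sets its kill bit. It assumes the standard mechanism for ActiveX kill bits (a "Compatibility Flags" DWORD with bit 0x400 under the Internet Explorer "ActiveX Compatibility" key, plus the WOW6432Node copy on 64-bit Windows); the parameter and function names are illustrative.

```powershell
# Added example: audit and set the Internet Explorer kill bit for one ActiveX CLSID.
# Run from an elevated prompt. Use -AuditOnly to report without changing anything,
# or -WhatIf to preview the registry writes.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # CLSID of MSDDS.DLL as given in the bulletin.
    [string]$Clsid = '{EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F}',
    [switch]$AuditOnly
)

$KillBit   = 0x00000400                 # "do not instantiate in IE" flag
$ValueName = 'Compatibility Flags'
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit IE on 64-bit Windows reads the redirected copy of the key.
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {
    param([string]$KeyPath)
    $flags = 0
    if (Test-Path -LiteralPath $KeyPath) {
        $item = Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $item) { $flags = [int]$item.$ValueName }
    }
    [pscustomobject]@{
        Key        = $KeyPath
        Flags      = '0x{0:X8}' -f $flags
        KillBitSet = (($flags -band $KillBit) -ne 0)
        Raw        = $flags
    }
}

foreach ($root in $Roots) {
    # Skip registry views that do not exist on this machine (e.g. WOW6432Node on 32-bit).
    if (-not (Test-Path -LiteralPath $root)) { continue }

    $key   = Join-Path $root $Clsid
    $state = Get-KillBitState $key

    if (-not $state.KillBitSet -and -not $AuditOnly) {
        if ($PSCmdlet.ShouldProcess($key, 'Set kill bit (0x400)')) {
            if (-not (Test-Path -LiteralPath $key)) {
                New-Item -Path $key -Force | Out-Null
            }
            # OR the bit in so any other compatibility flags already present survive.
            $new = $state.Raw -bor $KillBit
            New-ItemProperty -LiteralPath $key -Name $ValueName `
                -PropertyType DWord -Value $new -Force | Out-Null
            $state = Get-KillBitState $key   # re-read to confirm the write
        }
    }
    $state | Select-Object Key, Flags, KillBitSet
}
```

A row with KillBitSet = False after a non-audit run means the write did not take effect, typically because the prompt was not elevated.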

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 33, 2005

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 4475 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 05.33.1 - CVE: CVE-MAP-NOMATCH
  • Platform: Third Party Windows Apps
  • Title: WinFTP Server Log-SCR Buffer Overflow
  • Description: WinFTP Server is a multithreaded FTP server for Windows 98/NT/XP. It is affected by a buffer overflow vulnerability in the "Log-SCR" function, a function for displaying server logs on screen. An attacker sends a request to the application containing an excessive amount of data which when viewed using the "Log-SCR" function results in a buffer overflow. Win FTP Server version 1.6.8 is vulnerable.
  • Ref: http://www.autistici.org/fdonato/advisory/WinFtpServer1.6.8-adv.txt

  • 05.33.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Chris Moneymaker's World Poker Championship Buffer Overflow
  • Description: Chris Moneymaker's World Poker Championship is an online poker game. It is vulnerable to a buffer overflow issue due to insecure usage of sprintf() when a player joins a game. A remote attacker could exploit this issue to run arbitrary code on a vulnerable system. World Poker Championship version 1.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/14587/info

  • 05.33.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Veritas Backup Exec Remote Agent Arbitrary File Download
  • Description: Veritas Backup Exec is a network enabled backup solution. It is affected by an unauthorized download of arbitrary files vulnerability. This issue is exposed through TCP port 10000, which is the NDMP (Network Data Management Protocol) listener port for Backup Exec Remote Agent. Access to the service may be gained with a CONNECT_CLIENT_AUTH request that specifies a user of "root" and a password value of "xb4xb8x0fx26x20x5cx42x34x03xfcxaexeex8fx91x3dx6f". It is then possible to dump arbitrary files from the computer in MTF (Microsoft Tape Format). Please see the advisory for details.
  • Ref: http://securityresponse.symantec.com/avcenter/security/Content/2005.08.12b.html

  • 05.33.4 - CVE: CAN-2004-0079, CAN-2004-0112, CAN-2004-0885, CAN-2004-1083, CAN-2004-1084, CAN-2004-1189, CAN-2005-0605, CAN-2005-0709, CAN-2005-0710, CAN-2005-0711, CAN-2005-1344, CAN-2005-1769, CAN-2005-2096, CAN-2005-1175, CAN-2005-1689, CAN-2005-1174, CAN-2005-2095
  • Platform: Mac Os
  • Title: Apple Mac OS X Multiple Vulnerabilities
  • Description: Multiple security vulnerabilities are reported to affect Apple Mac OS X. Apple has released SA-2005-08-15 to address these issues. Please refer to the advisory for further details.
  • Ref: http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

  • 05.33.5 - CVE: CAN-2004-0952
  • Platform: HP-UX
  • Title: HP Ignite-UX TFTP File Upload Vulnerability
  • Description: HP Ignite-UX is an installation, administration and recovery tool for the HP-UX operating system. During installation, Ignite-UX can use a TFTP server for remote access. During the process, parts of the server path can be made world writable. Versions of Ignite-UX prior to the C.6.2.241 patches are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14571

  • 05.33.6 - CVE: CAN-2004-0951
  • Platform: HP-UX
  • Title: HP Ignite-UX Password File Disclosure
  • Description: HP Ignite-UX is an installation, administration and recovery tool for the HP-UX operating system. During installation, Ignite-UX can use a TFTP server for remote access. Under some circumstances, a copy of the passwd file will be stored in the TFTP server path. This happens if the administrator runs the make_recovery command on the host. A copy of /etc/passwd will be created as "/var/opt/ignite/recovery/passwd.makrec", retrievable by anonymous TFTP clients. The vulnerability is present in versions prior to B.3.2.
  • Ref: http://www.securityfocus.com/archive/1/408221


  • 05.33.8 - CVE: CVE-MAP-NOMATCH
  • Platform: Cross Platform
  • Title: Cisco Clean Access API Access Validation
  • Description: Cisco Clean Access (CCA) is a software solution that scans devices attempting to connect to a network. The Cisco Clean Access API is prone to an authentication bypass issue that could allow unauthorized users to access the API. This could allow the attacker to bypass the security checks performed by CCA, change user role assignments, disconnect users from the system, and to obtain information about configured users. Cisco Clean Access (CCA) version 3.5.3 and older are reportedly vulnerable.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a00804f3127.shtml

  • 05.33.9 - CVE: CVE-MAP-NOMATCH
  • Platform: Cross Platform
  • Title: Parlano MindAlign Multiple Unspecified Vulnerabilities
  • Description: Parlano MindAlign is an enterprise group messaging and collaboration server. It is prone to multiple unspecified vulnerabilities like user enumeration, cross-site scripting, authentication bypass and weak encryption. Successful exploitation of these issues could lead to unauthorized access, information disclosure or denial of service. MindAlign versions 5.0 and later are vulnerable to these issues.
  • Ref: http://www.uniras.gov.uk/niscc/docs/br-20050812-00673.html

  • 05.33.10 - CVE: Not Available
  • Platform: Cross Platform
  • Title: CPAINT Multiple Vulnerabilities
  • Description: CPAINT provides code to implement AJAX and JSRS on the back-end. It is vulnerable to unspecified command execution and information disclosure issues. CPAINT version 1.3 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/408130

  • 05.33.11 - CVE: Not Available
  • Platform: Web Application
  • Title: phpPgAds Lib-View-Direct.INC.PHP SQL Injection
  • Description: phpPgAds is a banner ad management application. Insufficient sanitization of the "clientid" parameter of the "lib-view-direct.inc.php" script exposes the application to an SQL injection issue. phpPgAds version 2.0.6 was released to fix this issue.
  • Ref: http://www.securityfocus.com/bid/14583/info

  • 05.33.12 - CVE: Not Available
  • Platform: Web Application
  • Title: ECW Shop Index.PHP HTML Injection Vulnerability
  • Description: ECW Shop is a shopping cart system. It is reported to be vulnerable to an HTML injection issue due to improper sanitization of user-supplied input to the "max" and "ctg" parameters of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/14579

  • 05.33.13 - CVE: Not Available
  • Platform: Web Application
  • Title: ECW Shop Order Manipulation
  • Description: ECW Shop is a shopping cart application. It is vulnerable to an input validation issue due to insufficient sanitization of the URI parameter data when computing product charges. ECW Shop version 6.0.2 is reported to be vulnerable.
  • Ref: http://www.nobytes.com/nobytes9.txt

  • 05.33.14 - CVE: Not Available
  • Platform: Web Application
  • Title: Dada Mail Archives HTML Injection
  • Description: Dada Mail is a mailing list management application. It is vulnerable to an HTML injection issue due to insufficient sanitization of archived messages. Dada Mail version 2.9.2 is vulnerable.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=349531

  • 05.33.15 - CVE: CAN-2005-2608
  • Platform: Web Application
  • Title: SafeHTML UTF-7 and CSS Comment Tag Cross Site Scripting Vulnerabilities
  • Description: SafeHTML is a parser which strips down all potentially dangerous HTML code, written in PHP. It is prone to cross-site scripting vulnerabilities, specifically in dealing with UTF-7 encoding of characters and with CSS comment tags. An attacker can compose malicious character sequences that will bypass the security restrictions of the affected application. SafeHTML versions prior to 1.3.5 are affected by these issues.
  • Ref: http://www.securityfocus.com/bid/14574

  • 05.33.16 - CVE: Not Available
  • Platform: Web Application
  • Title: PersianBlog Userslist.ASP SQL Injection
  • Description: PersianBlog is web log software implemented in ASP. PersianBlog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the "page" parameter of "userslist.asp" script.
  • Ref: http://www.securityfocus.com/archive/1/408250

  • 05.33.17 - CVE: CVE-MAP-NOMATCH
  • Platform: Web Application
  • Title: CPAINT xmlhttp Request Input Validation
  • Description: CPAINT is an AJAX (Asynchronous JavaScript+XML) and JSRS (JavaScript Remote Scripting) implementation. It is prone to multiple input validation vulnerabilities due to the way xmlhttp request is implemented. Although there are some initial security checks made in the form of user input sanitization, an attacker can bypass these by separating malicious input amongst various arguments to different functions. CPAINT version 1.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/408251

  • 05.33.18 - CVE: Not Available
  • Platform: Web Application
  • Title: ECW Shop Index.PHP SQL Injection
  • Description: ECW Shop is a shopping cart system. Insufficient sanitization of the "max" and "min" parameters of the "index.php" script exposes the application to an SQL injection issue. ECW-Shop version 6.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/14576

  • 05.33.19 - CVE: Not Available
  • Platform: Web Application
  • Title: ECW Shop Index.PHP Cross-Site Scripting
  • Description: ECW Shop is a shopping cart system. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "index.php" script. An attacker may leverage this issue to steal cookie-based authentication credentials or to perform other attacks. ECW-Shop version 6.0.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/14578

  • 05.33.20 - CVE: CAN-2005-2523
  • Platform: Web Application
  • Title: Apple Mac OS X Weblog Server Cross-Site Scripting
  • Description: Apple Mac OS X provides a weblog server. Insufficient sanitization of the "author" and "comments" sections exposes the application to a cross-site scripting issue. Mac OS X Server versions 10.4.2 and earlier are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=302163

  • 05.33.21 - CVE: CAN-2005-2603
  • Platform: Web Application
  • Title: My Image Gallery Multiple Cross-Site Scripting Vulnerabilities
  • Description: My Image Gallery is an image gallery management system. It is vulnerable to multiple cross-site scripting issues due to improper sanitization of user-supplied input to the "index.php" script. An attacker could exploit this issue to steal cookie-based authentication credentials or to perform other attacks. My Image Gallery version 1.4.1 is vulnerable.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=349348

  • 05.33.22 - CVE: Not Available
  • Platform: Web Application
  • Title: Isemarket JaguarControl ActiveX Control Buffer Overflow
  • Description: Isemarket JaguarControl ActiveX control is reported to be vulnerable to a buffer overflow issue due to improper boundary checks. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/14558

  • 05.33.23 - CVE: Not Available
  • Platform: Web Application
  • Title: Dokeos Multiple Directory Traversal Vulnerabilities
  • Description: Dokeos is an online course management and e-learning application. Insufficient sanitization of the "move_file" and "move_to" parameters of the "/claroline/document/document.php" script exposes the application to multiple directory traversal vulnerabilities. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/14563/info

  • 05.33.24 - CVE: CAN-2005-2498
  • Platform: Web Application
  • Title: PHPXMLRPC and PEAR XML_RPC Remote Code Injection
  • Description: PHPXMLRPC and PEAR_XML_RPC are XML-RPC protocol implementations. They are vulnerable to a remote PHP code injection issue due to a failure in the application to properly sanitize user-supplied input. PHPXMLRPC version 1.1.1 and PEAR XML_RPC version 1.3.3 are vulnerable.
  • Ref: http://www.hardened-php.net/advisory_152005.67.html

  • 05.33.25 - CVE: Not Available
  • Platform: Web Application
  • Title: Discuz! Arbitrary File Upload Vulnerability
  • Description: Discuz! is a web based message board application. It is reported to be vulnerable to an arbitrary file upload issue due to improper sanitization of user-supplied input. Discuz! version 4.0 rc4 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14564

  • 05.33.26 - CVE: CAN-2005-2580
  • Platform: Web Application
  • Title: MyBulletinBoard Multiple SQL Injection Vulnerabilities
  • Description: MyBulletinBoard is web forum software, prone to multiple SQL injection vulnerabilities. These vulnerabilities are caused by improper sanitization of the user-supplied input to the "index.php", "member.php", "polls.php" and "search.php" scripts. MyBulletinBoard version RC4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/407960

  • 05.33.27 - CVE: CVE-MAP-NOMATCH
  • Platform: Web Application
  • Title: phpBB BBCode IMG Tag Script Injection
  • Description: phpBB is a web forum application that is prone to a script injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input in bbcode "[IMG]" tags included in a user signature. The problem presents itself when an attacker supplies a remote folder containing malicious code as the image to include. This issue is reported to affect phpBB version 2.0.17.
  • Ref: http://www.securityfocus.com/bid/14555

  • 05.33.28 - CVE: Not Available
  • Platform: Web Application
  • Title: FUDforum Tree View Access Validation
  • Description: FUDforum is a web-based forum. It is affected by an access validation issue due to a failure in granting access to private forums. The problem presents itself when input to the "mid" parameter is not validated before being used to retrieve a forum post. FUDforum versions 2.6.15 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/14556/info

  • 05.33.29 - CVE: Not Available
  • Platform: Web Application
  • Title: VegaDNS Index.PHP Cross-Site Scripting
  • Description: VegaDNS is a web-based TinyDNS administration application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user supplied input to the "message" parameter of the "index.php" script. VegaDNS versions 0.9.9 and earlier are reported to be vulnerable.
  • Ref: http://packetstorm.linuxsecurity.com/0508-exploits/vegadns-dyn0.txt

  • 05.33.30 - CVE: CAN-2005-2615
  • Platform: Web Application
  • Title: EQdkp Session.PHP Authorization Bypass
  • Description: EQdkp is a Dragon Kill Points (DKP) system. It is affected by an authorization bypass vulnerability. This issue is due to a session handling error in the "session.php" script regarding the "auto_login_id" value. EQdkp versions 1.2.0 and earlier are affected.
  • Ref: http://eqdkp.com/?p=changelog

  • 05.33.31 - CVE: CAN-2005-2605
  • Platform: Web Application
  • Title: Lasso Professional Server Remote Authentication Bypass
  • Description: Lasso Professional Server is a commercial, cross-platform database driven Web application platform. It is susceptible to a remote authentication bypass vulnerability due to a failure of the application to properly enforce defined security constraints. This issue presents itself when web pages are protected with the "[Auth]", and "[Auth_User]" tags. If these tags are called with no parameters by an attacker, then the security mechanism is bypassed. Lasso Professional Server versions 8.0.4 and 8.0.5 are susceptible.
  • Ref: http://www.securityfocus.com/bid/14543

  • 05.33.32 - CVE: Not Available
  • Platform: Web Application
  • Title: MidiCart ASP Item_Show.ASP Code_No Parameter SQL Injection
  • Description: MidiCart ASP is an e-commerce application. Insufficient sanitization of the "code_no" parameter in the "item_show.asp" script exposes the application to an SQL injection issue.
  • Ref: http://systemsecure.org/ssforum/viewtopic.php?t=30

  • 05.33.33 - CVE: Not Available
  • Platform: Web Application
  • Title: MidiCart ASP Search_List.ASP SQL Injection
  • Description: MidiCart ASP is an e-commerce solution. It is vulnerable to an SQL injection issue due to a failure in the application to properly sanitize user-supplied input to the "search_list.asp" script.
  • Ref: http://systemsecure.org/ssforum/viewtopic.php?t=30

  • 05.33.34 - CVE: Not Available
  • Platform: Web Application
  • Title: Gallery PostNuke Integration Access Validation Vulnerability
  • Description: Gallery is a web application designed to allow users to manage images on their web site. It is reported to be vulnerable to an access validation issue when integrated with PostNuke due to improper usage of the "$name" global variable in the "classespostnuke0.7.1User.php" script. Gallery versions 1.5 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14547

  • 05.33.35 - CVE: Not Available
  • Platform: Network Device
  • Title: Linksys WRT54GS Wireless Authentication Bypass
  • Description: Linksys WRT54GS is a Wireless-G broadband router with SpeedBooster. It is reported to be vulnerable to an authentication bypass issue. The issue presents itself when the device is configured for "WPA/TKIP" authentication. Firmware version 4.50.6 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14566

  • 05.33.36 - CVE: Not Available
  • Platform: Network Device
  • Title: Mentor ADSL-FR4II Multiple Vulnerabilities
  • Description: Mentor ADSL-FR4II is a router device for sharing broadband connections. It is vulnerable to multiple issues that could allow unauthorized remote access or result in a denial of service.
  • Ref: http://www.securityfocus.com/bid/14557/info

  • 05.33.37 - CVE: Not Available
  • Platform: Network Device
  • Title: HP Proliant DL585 Server Unauthorized Remote Access
  • Description: HP Proliant DL585 Server is vulnerable to an unauthorized access issue due to a problem in the Integrated Lights Out (ILO) firmware prior to version 1.81. A remote attacker can gain access to the server controls when the server is powered down. HP ProLiant DL585 Integrated Lights Out versions earlier than 1.81 are vulnerable.
  • Ref: http://www.securityfocus.com/advisories/9029

(c) 2005. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.
