Compaq Insight Manager XE SNMP Remote Overflow

2001-10-29T00:00:00
ID OSVDB:11309
Type osvdb
Reporter OSVDB
Modified 2001-10-29T00:00:00

Description

Vulnerability Description

A remote overflow exists in Compaq Insight Manager XE. The server fails to properly check bounds on SNMP requests, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code, likely with administrative privileges, resulting in a loss of integrity and/or availability.

Solution Description

Currently, there are no known workarounds to correct this issue. Users are advised to upgrade to version 2.1c or apply the patch at the vendor-specific solution URL listed under References. Users wishing to upgrade should note that this product has now been replaced by HP Systems Insight Manager, which as of May 2004 was at version 4.1.


References:

Vendor Specific Solution URL: ftp://ftp.compaq.com/pub/softpaq/sp17501-18000/
Security Tracker: 1002655
Related OSVDB ID: 11310
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-11/0272.html
ISS X-Force ID: 7411
CVE-2001-0840
CERT VU: 908611
Bugtraq ID: 3482