Compaq Insight Agent SSL overflow

2002-07-30T00:00:00
ID OSVDB:2070
Type osvdb
Reporter OSVDB
Modified 2002-07-30T00:00:00

Description

Vulnerability Description

The Compaq Insight Management Agents use a vulnerable version of OpenSSL, which contains many remotely-exploitable buffer overflows. The vendor lists the affected products and versions as "Insight Management Agents for Windows version 5.3 - 5.5, Insight Manager 7, Version Control Agents, Version Control Repository Manager, Array Configuration Utility, HP Survey Utility for Windows, and Intelligent Cluster Administrator." Insight Management Agents for non-Windows platforms are listed as non-vulnerable.

Technical Description

Agents listen on TCP ports 2381 and 2301. Vulnerable agents are built on OpenSSL version 0.9.6b. Updated agents use OpenSSL version 0.9.6g.

Solution Description

Compaq has released various patches for the vulnerable software components.

Short Description

The Compaq Insight Management Agents use a vulnerable version of OpenSSL, which contains many remotely-exploitable buffer overflows. The vendor lists the affected products and versions as "Insight Management Agents for Windows version 5.3 - 5.5, Insight Manager 7, Version Control Agents, Version Control Repository Manager, Array Configuration Utility, HP Survey Utility for Windows, and Intelligent Cluster Administrator." Insight Management Agents for non-Windows platforms are listed as non-vulnerable.

Manual Testing Notes

Determine which systems are running HP web-enabled agents or utilities. There are three methods suggested. (Provided by Compaq)

Method 1 Environments running Insight Manager 7, can get a list of systems running the web-enabled agents by defining a Query to return a list of systems with web agents. Login to your Insight Manager 7 system and create a new Query. Select the "Devices with Web Agent" criteria. - Select all of the available products on the Criteria Configuration screen. - Save the Query and execute it. The list of devices will be all those with web agents. You may wish to use this query with the Reports feature of Insight Manager 7 (available in SP1 and greater) to get printouts of the devices and the software loaded. (Insight Manager XE users may follow a similar procedure up to but not including the reports.) NOTE: Prior to running through this procedure, you may want to perform a new discovery and data collection. If you first make sure that the discovery range covers all of the subnets visible to the Insight Manager 7 system, you will get a potentially more comprehensive report.

Method 2 Systems running HP Insight Manager Windows 32 console, can get a list of systems running the web agents by starting HP Insight Manager and selecting the "Web Device List" button on the toolbar. This will display a list of systems being managed by HP Insight Manager and additionally will have underlined as hyperlinks the systems on which the web agents are present and enabled. To print out a list of only the web devices, select the "Web Devices" hyperlink in the left column and only web devices will be shown. Print this page from your browser. NOTE: The lists generated by Methods 1 and 2, while helpful, may not be exhaustive lists of the systems with web-enabled agents and utilities. The lists will include only those systems that are being managed either explicitly or because they have been discovered.

Method 3 Point a web browser to the system by keying in http://[IP_ADDRESS]:2301 or http://[machine_name]:2301. - This will bring up the device home page for any servers running web-enabled management software. This procedure identifies the presence of the software on 1 system and assumes that you already know the device name or IP address of every device and use this procedure to visit them.

References:

Related OSVDB ID: 1958 Related OSVDB ID: 787 Keyword: CIM web SSL CERT: CA-2002-23