HP Web Jetadmin ExecuteFile Command Execution

2004-04-27T00:00:00
ID OSVDB:5798
Type osvdb
Reporter FX (fx@phenoelit.de)
Modified 2004-04-27T00:00:00

Description

Vulnerability Description

HP JetAdmin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is triggered by a call to the "ExecuteFile" function, through which the commands may run on the target system with root or SYSTEM level privileges, resulting in a loss of integrity.

Solution Description

Upgrade to version 7.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.hp.com/
Vendor Specific Advisory URL
Security Tracker: 1009960
Secunia Advisory ID: 11536
Related OSVDB ID: 5793
Related OSVDB ID: 5792
Related OSVDB ID: 5794
Related OSVDB ID: 5796
Related OSVDB ID: 5790
Related OSVDB ID: 5791
Related OSVDB ID: 5795
Related OSVDB ID: 5797
Other Advisory URL: http://www.phenoelit.de/stuff/HP_Web_Jetadmin_advisory.txt
Nessus Plugin ID: 12227
Keyword: HPSBPI01026
Keyword: SSRT2397
ISS X-Force ID: 15989
Generic Exploit URL: http://www.phenoelit.de/hp/JetRoot_pl.txt
CERT VU: 606673
Bugtraq ID: 10224