HP System Management Homepage iprange parameter command execution

2013-04-12T00:00:00
ID SAINT:905F5475C154934A7ABA1388AEA3D00E
Type saint
Reporter SAINT Corporation
Modified 2013-04-12T00:00:00

Description

Added: 04/12/2013
BID: 58817
OSVDB: 91812

Background

HP System Management Homepage (SMH) is a web-based interface that consolidates the management of ProLiant and Integrity servers.

Problem

A vulnerability in HP SMH allows command execution when an attacker requests **/proxy/DataValidation** with a specially crafted **iprange** parameter.

Resolution

Upgrade to HP SMH 7.2.0-14 or higher.

References

<http://www.securityfocus.com/bid/58817>

Limitations

Exploit works on HP System Management Homepage 7.1.1-1 on CentOS 6 (Exec-Shield Enabled).

HP System Management must be configured with Anonymous access enabled in order for this exploit to succeed.

This exploit requires the IO-Socket-SSL Perl module.

Platforms

Linux