Added: 04/12/2013
BID: [58817](<http://www.securityfocus.com/bid/58817>)
OSVDB: [91812](<http://www.osvdb.org/91812>)
### Background
[HP System Management Homepage](<http://h18004.www1.hp.com/products/servers/management/agents/>) (SMH) is a web-based interface that consolidates the management of ProLiant and Integrity servers.
### Problem
A vulnerability in HP SMH allows command execution when an attacker requests `/proxy/DataValidation` with a specially crafted `iprange` parameter.
### Resolution
[Upgrade](<http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=15351&prodSeriesId=428936&swItem=MTX-df3d68cc03364ce78f1987b83b&prodNameId=3288114&swEnvOID=4006&swLang=8&taskId=135&mode=5>) to HP SMH 7.2.0-14 or higher.
### References
<http://www.securityfocus.com/bid/58817>
### Limitations
Exploit works on HP System Management Homepage 7.1.1-1 on CentOS 6 (Exec-Shield Enabled).
HP System Management must be configured with Anonymous access enabled in order for this exploit to succeed.
This exploit requires the IO-Socket-SSL Perl module.
### Platforms
Linux

Source: SAINT Corporation, <https://my.saintcorporation.com/cgi-bin/exploit_info/hp_smh_iprange>