Overview
The Compaq web-enabled management software contains a buffer overflow. Remote intruders may be able to execute arbitrary code with privileges on affected systems. Many Compaq products are affected, from personal computers to commercial UNIX operating systems.
Description
The Compaq web-enabled management software allows system management information to be accessed through a web interface. This web interface contains a buffer overflow. Affected Compaq products include those running Microsoft Windows 9x, Windows NT, Windows 2000, NetWare, SCO Open Server, SCO UnixWare 7, RedHat 6.2, RedHat 7.0, Tru64Unix, and OpenVMS. Web-enabled management software is also supported for Compaq storage products. |
Impact
A remote attacker may be able to execute arbitrary code with privileges on systems running the vulnerable software. |
Solution
Apply a Patch
|
Disable the Web-Enabled Management Software |
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
Acknowledgements
The CERT/CC thanks Compaq for their advisory on this topic.
This document was written by Cory F. Cohen.
Other Information
CVE IDs: | CVE-2001-0728 |
Severity Metric: | 11.22 |
Date Public: | 2001-10-01 |
Date First Published: | 2001-11-19 |
Date Last Updated: | 2001-11-19 20:40 UTC |
Document Revision: | 8 |