| Field | Value |
|---|---|
| VID | 29006 |
| Severity | 30 |
| Port | 2301 |
| Protocol | TCP |
| Class | WWW |
| Detailed Description |
The host is running the Compaq web management agent. This service can be used as an HTTP proxy. An attacker can use this to bypass firewall rules or to hide the source of web-based attacks.

The Compaq web-enabled management software allows system management information to be accessed through a web interface. The product listens on TCP port 2301 to provide an administrator with a management console via HTTP and a browser. As an unintended side effect, remote attackers may be able to relay connections through systems running the vulnerable software. This is attractive to intruders because they can use the relay to hide their identity (the traffic appears to originate from the system running the web-enabled management software) while attacking other systems. If the vulnerable system has access to more than one network, the attacker may also be able to bypass normal firewall restrictions or reach otherwise restricted networks. Additionally, this vulnerability discloses confidential information about the network infrastructure.

Compaq has produced a security advisory describing this problem at: http://www.compaq.com/products/servers/management/mgtsw-advisory.html

References:
* http://www.securityfocus.com/bid/2500
* http://www.iss.net/security_center/static/6264.php

Affected Compaq products:
* Microsoft Windows 9x, NT, 2000
* NetWare
* SCO Open Server
* SCO UnixWare 7
* RedHat 6.2, 7.0
* Tru64Unix
* OpenVMS
* Compaq storage products
| Recommendation |
Due to the information leak associated with this service, we recommend that you disable the Compaq Management Agent or block access to port 2301 from untrusted sources; either measure reduces the risk of exploitation. You may also wish to block port 280 (the Compaq Insight Manager XE port).

If this service is required, installing the appropriate upgrade from Compaq will fix this issue. The software update for your operating system and hardware can be found via Compaq's support download page: http://www.compaq.com/support/files/server/us/index.html

For more information, please see the vendor advisory at: http://www.compaq.com/products/servers/management/SSRT0758.html
| Related URL | Source |
|---|---|
| CVE-2001-0374 | CVE |
| (URL not present in record) | SecurityFocus |
| (URL not present in record) | ISS |