HP StorageWorks 1/8 G2 Tape Autoloader - privilege escalation, DOS
2010-02-07 11:02
881 查看
A vulnerability was found in Web Administration Interface of device HP StorageWorks 1/8 G2 Tape Autoloader.
Default unprivileged user can escalate privileges to the administrator and execute DOS attack.
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-011
Application: HP StorageWorks 1/8 G2 Tape Autoloader
Versions Affected: firmware v 2.30 and earlier
Vendor URL: http://hp.com/
Bug: Privilege escalation
Exploits: YES
Reported: 30.09.2008
Vendor Response: 30.09.2008
Date of Public Advisory: 11.01.2010
Solution: yes
CVE: CVE-2009-2680
CVSS 2.0: 8.5
Author: Alexandr Polyakov
Digital Security Research Group [DSecRG] (research [at] dsecrg [dot] com)
Description
***********
A vulnerability was found in Web Administration Interface of device HP StorageWorks 1/8 G2 Tape Autoloader.
A default unprivileged user can escalate privileges to the administrator.
Details
*******
An attacker can connect with standard credentials
(username: user and password: user).
After that he can see the cookies like that:
RMU_LEVEL 1
RMU_LOGIN 9999
RMU_SESSION 5
Then if he changes the RMU_LEVEL parameter to 2, he can be authorized as administrator.
After that he can do anything possible using administrative rights.
Solution
********
Install the following patches
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01868405
References
**********
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01868405 http://dsecrg.com/pages/vul/show.php?id=111
About
*****
Digital Security is one of the leading IT security companies in CEMEA,
providing information security consulting, audit and penetration
testing services, risk analysis and ISMS-related services and
certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital
Security Research Group focuses on web application and database
security problems with vulnerability reports, advisories and
whitepapers posted regularly on our website.
Contact: research [at] dsecrg [dot] com
http://www.dsecrg.com
Default unprivileged user can escalate privileges to the administrator and execute DOS attack.
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-011
Application: HP StorageWorks 1/8 G2 Tape Autoloader
Versions Affected: firmware v 2.30 and earlier
Vendor URL: http://hp.com/
Bug: Privilege escalation
Exploits: YES
Reported: 30.09.2008
Vendor Response: 30.09.2008
Date of Public Advisory: 11.01.2010
Solution: yes
CVE: CVE-2009-2680
CVSS 2.0: 8.5
Author: Alexandr Polyakov
Digital Security Research Group [DSecRG] (research [at] dsecrg [dot] com)
Description
***********
A vulnerability was found in Web Administration Interface of device HP StorageWorks 1/8 G2 Tape Autoloader.
A default unprivileged user can escalate privileges to the administrator.
Details
*******
An attacker can connect with standard credentials
(username: user and password: user).
After that he can see the cookies like that:
RMU_LEVEL 1
RMU_LOGIN 9999
RMU_SESSION 5
Then if he changes the RMU_LEVEL parameter to 2, he can be authorized as administrator.
After that he can do anything possible using administrative rights.
Solution
********
Install the following patches
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01868405
References
**********
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01868405 http://dsecrg.com/pages/vul/show.php?id=111
About
*****
Digital Security is one of the leading IT security companies in CEMEA,
providing information security consulting, audit and penetration
testing services, risk analysis and ISMS-related services and
certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital
Security Research Group focuses on web application and database
security problems with vulnerability reports, advisories and
whitepapers posted regularly on our website.
Contact: research [at] dsecrg [dot] com
http://www.dsecrg.com
相关文章推荐
- Replication Solutions for the HP StorageWorks EVA:HP0-512 Exam
- HP StorageWorks 2000 模块化智能阵列 - 配置流程
- HP StorageWorks MSA SAN 存储阵列 - MSA2000 vdisk 和 volume 的扩容
- HP Storageworks 8/8 SAN Switch 基礎應用
- HP-UNIX File System&Storage 的一些基本知识(下)
- ubuntu系统下,hp 650 G2笔记本合上盖子后不进入睡眠状态的问题
- 使用 HP 3PAR Peer Persistence 实现 vSphere Metro Storage Cluster (vMSC)
- HP-UNIX File System&Storage 的一些基本知识(上)
- hp usb disk storage format tool
- hp probook 430 g2 开启虚拟化
- A616-HP-ProDesk 480 G2 MT电脑网络同传
- Why does DOS use 100% CPU under Virtual PC?
- DoS(Denial Of Service)***
- 纯DOS下内存的管理—实模式下访问4GB内存
- "Karma-How It Works"Karma怎么运行
- 在WINDOWS下和DOS(硬盘安装)下实现全自动安装XP系统的方法
- MYSQL使用指南DOS下操作
- DOS时代的回忆,贴一段10年前本人写的二进制编辑器汇编代码
- dos一些有用运行命令
- TIBCO企业应用解决方案 之EAI解决方案:Business Works + Adapters 3