• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Compaq Management Agents Web File Access Vulnerability

Severity: HIGH

Description:

A vulnerability in the Compaq Management Agents and the Compaq Survey Utility when running as an agent allows remote malicious users to steal local files. All Compaq Server and Client Management Agents version 4.0 or later are vulnerable. All Compaq Survey Utility versions 2.0 or later are vulnerable.

Compaq's Insight Manger a comprehensive management tool to monitor and control the operation of Compaq servers and clients and DIGITAL X86 and Alpha-based servers. One of its features is web acess to its device and configuration information via a built-in web server in the agents. Insight Manager is available for several platforms including Windows NT and Netware.

The web server in the agents fails to check whether requested files fall outside its document tree (by using ".." in the URL). Thus attackers can retrieve files in the same drives as that on which the software resides if they know or can get it's filename.

The web server listens on port 2301. By default the only user accounts available in the agents are account "anonymous", username "anonymous", no password, account "user", username "user", password "public", and account "administrator", username "administrator", and password "administrator". You login via the URL http://www.example.com:2301/cpqlogin.htm.

One an attacker has access to on such machine, using Compaq's HTTP Auto-Discovery Device List at the URL http://www.example.com/cpqdev.htm they can locate other machines.

The web agent service also appears to be vulnerable a a denial of service. By sending it a request for over 223 bytes long ("AAAA...") the service will fail with an access violation.

Affected Products:

• Compaq Client Management Agents 3.70.0
• Compaq Client Management Agents 4.0.0
• Compaq Insight Management Agents 4.21.0A
• Compaq Insight Management Agents 4.22.0A
• Compaq Insight Management Agents 4.30.0A
• Compaq Intelligent Cluster Administrator 1.0.0
• Compaq Management Agents for Workstations 4.20.0A
• Compaq Server Management Agents 4.0.0
• Compaq Server Management Agents 4.1.0
• Compaq Server Management Agents 4.10.0
• Compaq Server Management Agents 4.20.0a
• Compaq Server Management Agents 4.20.0b
• Compaq Server Management Agents 4.20.0c
• Compaq Server Management Agents 4.21.0
• Compaq Server Management Agents 4.22.0
• Compaq Server Management Agents 4.23.0
• Compaq Survey Utility 2.0.0

References:

• Compaq: Compaq Management Agent Security Vulnerability

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.