HP Tru64 Valid User Enumeration Weakness
TITLE: HP Tru64 Valid User Enumeration Weakness
CLASS: Design Error
CVE: CVE-2007-2791
REMOTE: Yes
LOCAL: No
PUBLISHED: May 16 2007 12:00AM
UPDATE: May 22 2007 09:57PM
CREDIT: Andrea Purificato is credited with the discovery of this vulnerability.
VULNERABLE:
HP Tru64 5.1 B-4
NOT VULNERABLE:
HP Tru64 5.1 B-3
Discussion
Hewlett Packard Tru64 is prone to an information-disclosure weakness.
An attacker can exploit this issue to enumerate valid user names. This may aid in further attacks.
HP Tru64 UNIX v5.1B-3 and v5.1B-4 are vulnerable.
Exploit
An attacker can use readily available network tools to exploit this weakness.
Solution
HP has released an advisory along with fixes to address this issue. Please see the referenced advisory for information on obtaining and applying fixes.
HP Tru64 5.1 B-3
- HP T64KIT1001208-V51BB26-ES-20070427 Patch for HP Tru64 UNIX - SSRT071323: SSH Potential Remote Identif
http://www4.itrc.hp.com/service/patch/patchDetail.do?BC=main|patchDetail{T64KIT1001208-V51BB26-ES-20070427,{tru:tru64:5.1b,}}|&patchid=T64KIT1001208-V51BB26-ES-20070427&sel={tru:tru64:5.1b,}
References
- HPSBTU02209 SSRT071323 : HP Tru64 SSH Valid User Identification (HP)
- Welcome to Hewlett Packard (Hewlett Packard)