HP System Management Homepage Remote Privilege Escalation Vulnerability

TITLE: HP System Management Homepage Remote Privilege Escalation Vulnerability
CLASS: Unknown
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 15 2007 12:00AM
UPDATE: Jun 15 2007 12:00AM
CREDIT: The vendor disclosed this issue.
VULNERABLE:

HP System Management Homepage 2.1.8
HP System Management Homepage 2.1.7
HP System Management Homepage 2.1.6
HP System Management Homepage 2.1.5
HP System Management Homepage 2.1.4
HP System Management Homepage 2.1.3 .132
HP System Management Homepage 2.1.3
HP System Management Homepage 2.1.2
HP System Management Homepage 2.1.1
HP System Management Homepage 2.1
HP System Management Homepage 2.0.2
HP System Management Homepage 2.0.1
HP System Management Homepage 2.0
NOT VULNERABLE:
HP System Management Homepage 2.1.9

Vai alla pagina originale su Security Focus

Discussion

HP System Management Homepage is prone to a privilege-escalation vulnerability.

Attackers can exploit this issue to gain superuser access to the affected application. This may facilitate further attacks.

Versions prior to 2.1.9 that are running on Linux with Novell's eDirectory services are vulnerable.

Exploit

To exploit this issue, an attacker must access a computer on which they are a Novell eDirectory member.

Solution

Solution:
The vendor has addressed this issue in System Management Homepage 2.1.9. Please see the references for more information.


HP System Management Homepage 2.0


HP System Management Homepage 2.0.1

HP System Management Homepage 2.0.2

HP System Management Homepage 2.1

HP System Management Homepage 2.1.1

HP System Management Homepage 2.1.2

HP System Management Homepage 2.1.3 .132

HP System Management Homepage 2.1.3

HP System Management Homepage 2.1.4

HP System Management Homepage 2.1.5

HP System Management Homepage 2.1.6

HP System Management Homepage 2.1.7

HP System Management Homepage 2.1.8

References

References:

PhpLog

BNLug Benevento Linux Users Group