RE: Compaq Vulnerability
From: Brewis, Mark (mark.brewis@eds.com)Date: 09/27/01
- Previous message: Keith.Morgan: "RE: New laws in the wings"
- Maybe in reply to: Gary O'leary-Steele: "Compaq Vulnerability"
- Next in thread: Don Weber: "RE: Compaq Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <120097989CFFD1118B8C00805FFEE24607D63F66@GBWTM001> From: "Brewis, Mark" <mark.brewis@eds.com> To: "'Gary O'leary-Steele'" <GaryO@sec-1.com>, PEN-TEST@securityfocus.com Subject: RE: Compaq Vulnerability Date: Thu, 27 Sep 2001 10:35:10 +0100
This is one of several ways to make it fall over. Is the machine you are
using multi-homed? If it is , see whether this kills the service on all
interfaces. Nice to see you spotted it on 49400 - the port never referenced
in Compaq documentation.
Mark
-----Original Message-----
From: Gary O'leary-Steele [mailto:GaryO@sec-1.com]
Sent: Tuesday, September 25, 2001 5:42 PM
To: PEN-TEST@securityfocus.com
Subject: Compaq Vulnerability
Hello All,
This maybe really old but here goes anyway.
I am testing our local network and wanted to see how secure the Compaq
insight management web thingy's are so I ran a capture of the admin logging
in. I noticed it referenced a component /proxy/LoginResponse as part of the
login process. So tacked it onto the end of the url and the service on the
compaq box (cpmdi and CPQWMGT.exe respectively) died with an access
violation.
Both
http://targetip:2301/Proxy/LoginResponse
And
http://targetip:49400/Proxy/Loginresponse
Produced the same result.
Is this old?
Kind Regards,
GaryO@sec-1.com
Gary O'leary-Steele
Technical Consultant
Telephone: 0113 2237220
Email: GaryO@sec-1.com
Mobile: 07796698919
Web Site: www.sec-1.com
----------------------------------------------------------------------------
----------------------------------------------------------------------------
----------------
The contents of this Email may be privileged and are confidential. It may
not be disclosed to or used by anyone other than the addressee(s), nor
copied in any way. If received in error, please advise the sender, then
delete from your system.
The opinions expressed within this email represent those of the individual
and not necessarily those of Sec-1 ltd.
Should you wish to use Email as a mode of communication, Sec-1 ltd are
unable to guarantee the security of Email content outside of our own
computer systems.
----------------------------------------------------------------------------
------------------------------------
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
- Previous message: Keith.Morgan: "RE: New laws in the wings"
- Maybe in reply to: Gary O'leary-Steele: "Compaq Vulnerability"
- Next in thread: Don Weber: "RE: Compaq Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
