CVE-2001-0134

Description

Buffer overflow in cpqlogin.htm in web-enabled agents for various Compaq management software products such as Insight Manager and Management Agents allows remote attackers to execute arbitrary commands via a long user name.

Affected products

• compaq / armada_insight_manager4.20 – 4.20
• compaq / armada_insight_manager4.20j – 4.20j
• compaq / enterprise_volume_manager-command_scripter1.0 – 1.0
• compaq / enterprise_volume_manager-command_scripter1.1 – 1.1
• compaq / foundation_agents1.0 – 1.0
• compaq / foundation_agents2.1 – 2.1
• compaq / foundation_agents4.0 – 4.0
• compaq / foundation_agents4.90 – 4.90
• compaq / insight_management_agent4.37e – 4.37e
• compaq / insight_management_desktop_web_agent3.7 – 3.7
• compaq / insight_manager_lc1.3c – 1.3c
• compaq / insight_manager_lc1.50a – 1.50a
• compaq / insight_manager_xe1.0 – 1.0
• compaq / insight_manager_xe1.21 – 1.21
• compaq / intelligent_cluster_administrator1.0 – 1.0
• compaq / intelligent_cluster_administrator2.1 – 2.1
• compaq / management_agents4.30j – 4.30j
• compaq / management_agents4.35j – 4.35j
• compaq / management_agents4.36e – 4.36e
• compaq / management_agents4.36j – 4.36j
• compaq / open_san_manager1.0 – 1.0
• compaq / sanworks_resource_monitor1.0 – 1.0
• compaq / storage_allocation_reporter1.0 – 1.0
• compaq / survey_utility2.17 – 2.17
• compaq / survey_utility2.18 – 2.18
• compaq / survey_utility2.33 – 2.33
• compaq / system_healthcheck3.0 – 3.0
• digital / unix4.0f – 4.0f
• digital / unix4.0g – 4.0g
• digital / unix5.0 – 5.0

References

• MISChttp://www5.compaq.com/products/servers/management/agentsecurity.html
• MAILING_LISThttp://marc.info/?l=bugtraq&m=97967435023835&w=2
• MISChttp://www.securityfocus.com/bid/2200