Hewlett Packard Integrated Lights Out Remote Unauthorized Access Vulnerability

Bugtraq ID:	21575
Class:	Access Validation Error
CVE:	CVE-2006-6608
Remote:	Yes
Local:	No
Published:	Dec 13 2006 12:00AM
Updated:	Jun 26 2007 04:28PM
Credit:	The vendor reported this vulnerability.
Vulnerable:	HP ProLiant Integrated Lights Out 2 1.11 HP ProLiant Integrated Lights Out 2 1.00 HP ProLiant Integrated Lights Out 1.87 HP ProLiant Integrated Lights Out 1.70
Not Vulnerable:	HP ProLiant Integrated Lights Out 2 1.20 HP ProLiant Integrated Lights Out 1.88

Hewlett Packard Integrated Lights Out Remote Unauthorized Access Vulnerability

The HP Integrated Lights Out firmware application is prone to a remote unauthorized-access vulnerability.

Exploiting this issue allows remote attackers to gain unauthorized access to affected computers.

Hewlett Packard Integrated Lights Out Remote Unauthorized Access Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Hewlett Packard Integrated Lights Out Remote Unauthorized Access Vulnerability

Solution:
HP has released an advisory along with fixes to address this issue. Please see the referenced advisory for information on obtaining and applying fixes.

Hewlett Packard Integrated Lights Out Remote Unauthorized Access Vulnerability

References:

• HP-UX Homepage (HP)
  
• HP Technical knowledge base document HPSBMA02173 SSRT061230 rev. 1 ()