Compaq Web Admin Buffer Overflow Vulnerability

BID:2200

Info

Bugtraq ID: 2200
Class: Input Validation Error
CVE: CVE-2001-0134
Remote: No
Local: Yes
Published: Jan 11 2001 12:00AM
Updated: Jul 11 2009 04:46AM
Credit: Reported by iXsecurity <[email protected]> on Tue, Jan 16, 2001
Vulnerable: Digital (Compaq) TRU64/DIGITAL UNIX 5.0
Digital (Compaq) TRU64/DIGITAL UNIX 4.0 g
Digital (Compaq) TRU64/DIGITAL UNIX 4.0 f
Compaq System Healthcheck 3.0
Compaq Survey Utility 2.33
Compaq Survey Utility 2.18
Compaq Survey Utility 2.17
Compaq Storage Allocation Reporter 1.0
Compaq SANWorks Resource Monitor 1.0
Compaq Open SAN Manager 1.0
Compaq Management Agents 4.37 E
Compaq Management Agents 4.36 j
Compaq Management Agents 4.36 E
Compaq Management Agents 4.35 j
Compaq Management Agents 4.30 j
Compaq Intelligent Cluster Administrator 2.1
Compaq Intelligent Cluster Administrator 1.0
Compaq Insight Manager XE 1.21
Compaq Insight Manager XE 1.0
Compaq Insight Manager LC 1.50 A
Compaq Insight Manager LC 1.3 c
Compaq Insight Management Desktop Web Agents 3.7
Compaq Enterprise Volume Manager/Command Scripter 1.1
Compaq Enterprise Volume Manager/Command Scripter 1.0
Compaq Compaq Foundation Agents 4.90
Compaq Compaq Foundation Agents 4.0
Compaq Compaq Foundation Agents 2.1
Compaq Compaq Foundation Agents 1.0
Compaq Armada Insight Manager 4.20 j
Compaq Armada Insight Manager 4.20
Not Vulnerable:

Discussion

A vulnerability has been reported in the web-based administration component common to a number of Compaq software products.

The administration tool is vulnerable to buffer overflow attack techniques employing maliciously-formed user-supplied input. Properly exploited, this vulnerability can allow a remote attacker to execute arbitrary code on the affected system, with the privilege level of the system administrator.

The advisory did not provide further information about this vulnerability.

The following was excerpted from notification by <[email protected]>:

Affected Technologies:
------------------------------
Compaq Foundation Agents 4.0-4.90, 1.0-2.1
Digital Unix (Tru64) 4.0F and later
Insight Manager XE 1.0-2.1, LC 1.03c, 1.50A
Survey Utility 2.17-2.33
Intelligent Cluster Admin 1.0-2.1
System Healthcheck 3.0.0
Enterprise Volume Manager/Command Scripter 1.1 and 1.0
Insight Management Desktop Web Agents 3.70
Armada Insight Mgr 4.20-4.20J
Management Agents 4.30-4.35, 4.36-4.37E, 4.36E
Open SAN Manager 1.0
SANWorks Resource Monitor 1.0
Storage Allocation Reporter 1.0

Exploit / POC

Currently the SecurityFocus staff are not aware of any publicly available exploits for this vulnerability. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Solution:
Affected users are advised to upgrade to the latest patches provided by the vendor at: http://www5.compaq.com/products/servers/management/agentsecurity.html
