HP OpenView Select Identity Connectors Local Information Disclosure Vulnerability
BID:31024
Info
HP OpenView Select Identity Connectors Local Information Disclosure Vulnerability
| Bugtraq ID: | 31024 |
| Class: | Access Validation Error |
| CVE: |
CVE-2008-3539 |
| Remote: | No |
| Local: | Yes |
| Published: | Sep 04 2008 12:00AM |
| Updated: | Sep 05 2008 06:51PM |
| Credit: | HP |
| Vulnerable: |
HP HPSI TOPSecret Connector 2.22.1 HP HPSI SunOne Connector 1.14 HP HPSI RACF Connector 1.12.1 HP HPSI OpenLDAP Connector 1.02 HP HPSI OID Connector 1.02 HP HPSI IBM Tivoli Dir Connector 1.02 HP HPSI eTrust Connector 1.02 HP HPSI eDirectory Connector 1.12 HP HPSI BiDir DirX Connector 1.0.3 HP HPSI Active Directory Connector 2.10.2 HP HPSI Active Directory Connector 1.70.3 HP HPSI Active Directory Connector 2.30.xxx HP HPSI Active Directory Connector 2.20 HP HPSI ACF2 Connector 1.02 |
| Not Vulnerable: | |
Discussion
HP OpenView Select Identity Connectors Local Information Disclosure Vulnerability
HP OpenView Select Identity Connectors are prone to a local information-disclosure vulnerability.
A local attacker can exploit this issue to obtain potentially sensitive information that may aid in further attacks.
The following OpenView Select Identity Connectors are affected:
HPSI Active Directory Connector v 1.70.003 and earlier
HPSI Active Directory Connector v 2.10.002 and earlier
HPSI Active Directory Connector v 2.20.xxx and v2.30.xxx and earlier
HPSI SunOne Connector v 1.14 and earlier
HPSI eDirectory Connector v 1.12 and earlier
HPSI eTrust Connector v 1.02 and earlier
HPSI OID Connector v 1.02 and earlier
HPSI IBM Tivoli Dir Connector v 1.02 and earlier
HPSI TOPSecret Connector v 2.22.001 and earlier
HPSI RACF Connector v 1.12.001 and earlier
HPSI ACF2 Connector v 1.02 and earlier
HPSI OpenLDAP Connector v 1.02 and earlier
HPSI BiDir DirX Connector v 1.00.003 and earlier
HP OpenView Select Identity Connectors are prone to a local information-disclosure vulnerability.
A local attacker can exploit this issue to obtain potentially sensitive information that may aid in further attacks.
The following OpenView Select Identity Connectors are affected:
HPSI Active Directory Connector v 1.70.003 and earlier
HPSI Active Directory Connector v 2.10.002 and earlier
HPSI Active Directory Connector v 2.20.xxx and v2.30.xxx and earlier
HPSI SunOne Connector v 1.14 and earlier
HPSI eDirectory Connector v 1.12 and earlier
HPSI eTrust Connector v 1.02 and earlier
HPSI OID Connector v 1.02 and earlier
HPSI IBM Tivoli Dir Connector v 1.02 and earlier
HPSI TOPSecret Connector v 2.22.001 and earlier
HPSI RACF Connector v 1.12.001 and earlier
HPSI ACF2 Connector v 1.02 and earlier
HPSI OpenLDAP Connector v 1.02 and earlier
HPSI BiDir DirX Connector v 1.00.003 and earlier
Exploit / POC
HP OpenView Select Identity Connectors Local Information Disclosure Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
HP OpenView Select Identity Connectors Local Information Disclosure Vulnerability
Solution:
The vendor has released updates. Please see the references for more information.
Solution:
The vendor has released updates. Please see the references for more information.
References
HP OpenView Select Identity Connectors Local Information Disclosure Vulnerability
References:
References: