[19800] in bugtraq
Compaq Insight Manager Proxy Vuln
daemon@ATHENA.MIT.EDU (Brewis, Mark)
Fri Mar 23 06:04:40 2001
Message-ID: <76ADB8C376C3D31193F50008C7E6D3B216F40B@EWHKA005>
Date: Thu, 22 Mar 2001 17:46:04 -0000
Reply-To: "Brewis, Mark" <mark.brewis@EDL.UK.EDS.COM>
From: "Brewis, Mark" <mark.brewis@EDL.UK.EDS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

Impact: Serious

Compaq Insight Manager has a serious configuration issue which allows the
use of the software as a proxy server. No logging is performed on either
the OS or app., making this a perfect anonymous proxy.

Rec: Disable Anonymous connection to agent and server, block port 2301
inbound and outbound at network gateways.

Reported to Compaq 14/03/01, advisory released 19/03/01.
http://www.compaq.com/products/servers/management/mgtsw-advisory.html

Mark Brewis
EDS CLEF
Information Assurance Group
Wavendon Tower, Milton Keynes, MK17 8LX.
e@: mark.brewis@edl.uk.eds.com
PGP Key ID:
BA44 0B30 74DB EB02 D545 90FE 1BBC E1F6 0F58 F12A