Bugtraq mailing list archives
FW: Compaq Insight Manager Proxy Vuln
From: Christopher Curtiss <ccurtiss () DIGITALGOODS COM>
Date: Fri, 23 Mar 2001 11:30:20 -0500
Compaqs site recommends stopping the Insight Manager and web-agent services in control-panel, this alone doesn't stop port 2301 from showing your machine stats. You must also disable the surveyor service, this takes down the page and stops polling the machine. Chris Curtiss -----Original Message----- From: Brewis, Mark [mailto:mark.brewis () EDL UK EDS COM] Sent: Thursday, March 22, 2001 12:46 PM To: BUGTRAQ () SECURITYFOCUS COM Subject: Compaq Insight Manager Proxy Vuln Importance: High Impact: Serious Compaq Insight Manager has a serious configuration issue which allows the use of the software as a proxy server. No logging is performed on either the OS or app., making this a perfect anonymous proxy. Rec: Disable Anonymous connection to agent and server, block port 2301 inbound and outbound at network gateways. Reported to Compaq 14/03/01, advisory released 19/03/01. http://www.compaq.com/products/servers/management/mgtsw-advisory.html Mark Brewis EDS CLEF Information Assurance Group Wavendon Tower, Milton Keynes, MK17 8LX. e@: mark.brewis () edl uk eds com PGP Key ID: BA44 0B30 74DB EB02 D545 90FE 1BBC E1F6 0F58 F12A
Current thread:
- Compaq Insight Manager Proxy Vuln Brewis, Mark (Mar 23)
- <Possible follow-ups>
- FW: Compaq Insight Manager Proxy Vuln Christopher Curtiss (Mar 23)