Description
Buffer overflow in cpqlogin.htm in web-enabled agents for various Compaq management software products such as Insight Manager and Management Agents allows remote attackers to execute arbitrary commands via a long user name.
Product(s):
- Compaq Armada Insight Manager 4.20
- Compaq Armada Insight Manager 4.20j
- Compaq Enterprise Volume Manager_Command Scripter 1.0
- Compaq Enterprise Volume Manager_Command Scripter 1.1
- Compaq Compaq Foundation Agents 1.0
- Compaq Compaq Foundation Agents 2.1
- Compaq Compaq Foundation Agents 4.0
- Compaq Compaq Foundation Agents 4.90
- Compaq Management Agents 4.37E
- Compaq Insight Management Desktop Web Agents 3.7
- Compaq Insight Manager LC 1.3c
- Compaq Insight Manager LC 1.50A
- Compaq Insight Manager XE 1.0
- Compaq Insight Manager XE 1.21
- Compaq Intelligent Cluster Administrator 1.0
- Compaq Intelligent Cluster Administrator 2.1
- Compaq Management Agents 4.30j
- Compaq Management Agents 4.35j
- Compaq Management Agents 4.36e
- Compaq Management Agents 4.36j
- Compaq Open SAN Manager 1.0
- Compaq SANWorks Resource Monitor 1.0
- Compaq Storage Allocation Reporter 1.0
- Compaq Survey Utility 2.17
- Compaq Survey Utility 2.18
- Compaq Survey Utility 2.33
- Compaq System Healthcheck 3.0
- Digital Unix 4.0f
- Digital Unix 4.0G
- Digital Unix 5.0
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2001-0134, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2001-0134 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.