Kod programskog paketa HP StorageWorks File Migration Agent uočena je i ispravljena nova sigurnosna ranjivost. Riječ je o paketu koji omogućuje upravljanje pohranom i prijenosom raznovrsnih podataka. Uočena ranjivost javlja se zbog slabog mehanizma autentikacije u "HsmCfgSvc.exe". Napadaču spomenuta nepravilnost omogućuje pristup podacima koji se pohranjuju i prenose, te njihovu izmjenu. Svim se korisnicima savjetuje detaljnije čitanje izvorne preporuke i primjena objavljenog rješenja koje uklanja opisanu ranjivost.
HP StorageWorks File Migration Agent Archive Manipulation Vulnerability
Secunia Advisory SA43525
Release Date 2011-03-01
Criticality level Moderately criticalModerately critical
Impact Manipulation of data
Where From local network
Authentication level Available in Customer Area
Report reliability Available in Customer Area
Solution Status Unpatched
Systems affected Available in Customer Area
Approve distribution Available in Customer Area
Software:
HP StorageWorks File Migration Agent 2.x
Secunia CVSS Score Available in Customer Area
CVE Reference(s) No CVE references.
Description
A vulnerability has been reported in HP StorageWorks File Migration Agent, which can be exploited by malicious people to manipulate certain data.
The vulnerability is caused due to the HsmCfgSvc.exe service not enforcing authentication, which allows an attacker to change the contents of archived files.
Solution
Restrict access to the HsmCfgSvc.exe service.
Provided and/or discovered by
AbdulAziz Hariri via ZDI
Original Advisory
ZDI-11-094:
http://www.zerodayinitiative.com/advisories/ZDI-11-094/
Posljednje sigurnosne preporuke