Kod programskog paketa HP StorageWorks File Migration Agent uočena je i ispravljena nova sigurnosna ranjivost. Riječ je o paketu koji omogućuje upravljanje pohranom i prijenosom raznovrsnih podataka. Uočena ranjivost javlja se zbog slabog mehanizma autentikacije u "HsmCfgSvc.exe". Napadaču spomenuta nepravilnost omogućuje pristup podacima koji se pohranjuju i prenose, te njihovu izmjenu. Svim se korisnicima savjetuje detaljnije čitanje izvorne preporuke i primjena objavljenog rješenja koje uklanja opisanu ranjivost.

HP StorageWorks File Migration Agent Archive Manipulation Vulnerability
Secunia Advisory 	SA43525 	
Release Date 	2011-03-01

Criticality level 	Moderately criticalModerately critical
Impact 	Manipulation of data
Where 	From local network
Authentication level 	Available in Customer Area
  	 
Report reliability 	Available in Customer Area
Solution Status 	Unpatched
  	 
Systems affected 	Available in Customer Area
Approve distribution 	Available in Customer Area
  	 
Software:	
	HP StorageWorks File Migration Agent 2.x

Secunia CVSS Score 	Available in Customer Area
CVE Reference(s) 	No CVE references.

	   	

Description

A vulnerability has been reported in HP StorageWorks File Migration Agent, which can be exploited by malicious people to manipulate certain data.

The vulnerability is caused due to the HsmCfgSvc.exe service not enforcing authentication, which allows an attacker to change the contents of archived files.

Solution
Restrict access to the HsmCfgSvc.exe service.

Provided and/or discovered by
AbdulAziz Hariri via ZDI

Original Advisory
ZDI-11-094:
http://www.zerodayinitiative.com/advisories/ZDI-11-094/