HP System Management Homepage < 6.3 Multiple Vulnerabilities

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by multiple vulnerabilities.

Description :

According to the web server's banner, the version of HP System
Management Homepage (SMH) hosted on the remote host is earlier than
6.3. Such versions are reportedly affected by the following
vulnerabilities :

- An error exists in the function 'fnmatch' in the
bundled version of PHP that can lead to stack
exhaustion. (CVE-2010-1917)

- An information disclosure vulnerability exists in the
'var_export' function in the bundled version of PHP
that can be triggered when handling certain error
conditions. (CVE-2010-2531)

- A double free vulnerability in the
'ssl3_get_key_exchange()' function in the third-party
OpenSSL library could be abused to crash the
application. (CVE-2010-2939)

- A format string vulnerability in the phar extension
in the bundled version of PHP could lead to the
disclosure of memory contents and possibly allow
execution of arbitrary code via a specially crafted
'phar://' URI. (CVE-2010-2950)

- A NULL pointer dereference in
'ZipArchive::getArchiveComment' included with the
bundled version of PHP can be abused to crash the
application. (CVE-2010-3709)

- The bundled version of libxml2 may read from invalid
memory locations when processing malformed XPath
expressions, resulting in an application crash.
(CVE-2010-4008)

- An error in the 'mb_strcut()' function in the bundled
version of PHP can be exploited by passing a large
'length' parameter to disclose potentially sensitive
information from the heap. (CVE-2010-4156)

- An as-yet unspecified remote code execution
vulnerability could allow an authenticated user to
execute arbitrary code with system privileges.
(CVE-2011-1540)

- An as-yet unspecified, unauthorized access vulnerability
could lead to a complete system compromise.
(CVE-2011-1541)

See also :

http://www.securityfocus.com/archive/1/517597/30/0/threaded

Solution :

Upgrade to HP System Management Homepage 6.3 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false