HP Intelligent Management Center TFTP Multiple Vulnerabilities

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The version of HP Intelligent Management Center's TFTP server running
on the remote host is affected by multiple vulnerabilities.

Description :

A TFTP server belonging to HP Intelligent Management Center is running
on the remote host. This is a collection point for any HP Intelligent
Management Center clients on the network.

The installed version of this server contains a number of
vulnerabilities, including code execution and arbitrary file creation.

It is also likely that the HP Intelligent Management Center install
itself is affected by other vulnerabilities, although this plugin has
not checked for those issues.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-11-161/
http://www.zerodayinitiative.com/advisories/ZDI-11-163/
http://www.zerodayinitiative.com/advisories/ZDI-11-164/
http://www.zerodayinitiative.com/advisories/ZDI-11-165/
http://archives.neohapsis.com/archives/bugtraq/2011-05/0082.html
http://archives.neohapsis.com/archives/bugtraq/2011-05/0102.html
http://archives.neohapsis.com/archives/bugtraq/2011-05/0084.html
http://archives.neohapsis.com/archives/bugtraq/2011-05/0088.html

Solution :

Upgrade to 5.0_E0101L02 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Gain a shell remotely

Nessus Plugin ID: 54986 ()

Bugtraq ID: 47789

CVE ID: CVE-2011-1849
CVE-2011-1851
CVE-2011-1852
CVE-2011-1853