HP System Management Homepage iprange parameter command execution

Added: 04/12/2013
BID: 58817
OSVDB: 91812

Background

HP System Management Homepage (SMH) is a web-based interface that consolidates the management of ProLiant and Integrity servers.

Problem

A vulnerability in HP SMH allows command execution when an attacker requests /proxy/DataValidation with a specially crafted iprange parameter.
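One way to triage web access logs for requests to this endpoint, added here as an example and not taken from the advisory or from HP. It assumes Common Log Format lines and assumes that a legitimate iprange value is short and made only of IP-range characters; the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/proxy/DataValidation"   # path named in the advisory
# Assumption: Common Log Format; adjust to the log your SMH host writes.
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"')
# Assumption: a legitimate iprange is short and holds only IPv4/IPv6
# range characters (digits, hex letters, '.', ':', ',', '/', '-').
BENIGN_IPRANGE = re.compile(r"[0-9A-Fa-f.:,/\-]{0,256}")

def triage(lines):
    """Return (source, verdict, detail) for each request to ENDPOINT."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue                      # not a request line we understand
        url = urlsplit(m["target"])
        if unquote(url.path) != ENDPOINT:
            continue
        # parse_qs percent-decodes, so encoded values are judged decoded.
        values = parse_qs(url.query, keep_blank_values=True).get("iprange")
        if values is None:
            # A POST body is not in the access log, so the value is unknown.
            findings.append((m["src"], "review", m["method"] + " without iprange in query"))
            continue
        ok = all(BENIGN_IPRANGE.fullmatch(v) for v in values)
        detail = "iprange length %d" % max(len(v) for v in values)
        findings.append((m["src"], "benign-looking" if ok else "suspicious", detail))
    return findings

# Constructed sample lines (documentation addresses, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Apr/2013:10:01:02 +0000] "GET /proxy/DataValidation?iprange=10.0.0.1-10.0.0.254 HTTP/1.1" 200 512',
    '192.0.2.10 - - [12/Apr/2013:10:01:09 +0000] "GET /proxy/DataValidation?iprange=10.0.0.0%2F24 HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Apr/2013:10:05:40 +0000] "GET /proxy/DataValidation?iprange=' + "X" * 600 + ' HTTP/1.1" 500 0',
    '198.51.100.7 - - [12/Apr/2013:10:05:44 +0000] "POST /proxy/DataValidation HTTP/1.1" 200 0',
    '192.0.2.10 - - [12/Apr/2013:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for src, verdict, detail in triage(SAMPLE_LOG):
        print(src, verdict, detail)
```

Rows marked "review" need the request body from another source, such as a proxy log or packet capture, before they can be judged.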

Resolution

Upgrade to HP SMH 7.2.0-14 or higher.

References

http://www.securityfocus.com/bid/58817

Limitations

The exploit works on HP System Management Homepage 7.1.1-1 on CentOS 6 (Exec-Shield enabled).

HP System Management Homepage must be configured with anonymous access enabled for this exploit to succeed.

This exploit requires the IO-Socket-SSL Perl module.

Platforms

Linux
