CVE-2011-0279

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2011-0279 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The original article can be found at: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02738104

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2011-0279

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* HP MFP Digital Sending Software v4.91.00

The vulnerability could cause authentication to be disabled for managed devices. This could allow access to the devices from the Digital Sending Software without authentication.

Workaround:
Until a new version of HP MFP Digital Sending Software is available the vulnerability can be avoided as follows.

When using the Configuration Template feature added in version 4.91 of the HP MFP Digital Sending Software,

1. Insure that authentication is specified in all device templates
2. Reconfigure all devices previously configured using templates with these revised templates

Note: The procedure above is needed only if

* Authentication is required
* A device had previously been configured using a template that did not include authentication settings

CVE Information:
CVE-2011-0279

Disclosure Timeline:
Release Date: 2011-03-02
Last Updated: 2011-03-02

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus