Credit:
The information has been provided by Nicolas Grégoire / Agarri.
The original article can be found at: http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=958
Vulnerable Systems:
* HP P4000 Virtual SAN/iQ versions prior to 9.5
Remote exploitation of an arbitrary command execution vulnerability in HP's StorageWorks P4000 Virtual SAN Appliance (VSA) could allow an attacker to execute arbitrary code with the privileges of the affected service.
The management service implements a protocol command to allow a remote client to ping a remote device from the VSA. Input passed as part of this ping request is not correctly sanitized. This condition may result in an arbitrary command execution. This vulnerability does not require authentication as default account credentials are hard-coded into the management service.
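The class of fix for an unsanitized ping target, shown as an added example (not HP's code and not from the original advisory): the target is accepted only if it parses as an IP address or an RFC 1123 hostname, and the command is built as an argument list that never passes through a shell. The function names, the count limit and the sample inputs are assumptions made for illustration.

```python
import ipaddress
import re
import subprocess

# One RFC 1123 hostname label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def validate_ping_target(target):
    """Return a canonical IP address or hostname, or raise ValueError (hypothetical helper)."""
    if not isinstance(target, str) or not target or len(target) > 253:
        raise ValueError("target missing or too long")
    try:
        # Strict parse: rejects whitespace, shell metacharacters and trailing data.
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    labels = target.rstrip(".").split(".")
    # fullmatch (not match with "$") so a trailing newline cannot slip through.
    if all(_LABEL.fullmatch(label) for label in labels):
        return ".".join(labels).lower()
    raise ValueError("target is not an IP address or hostname")


def build_ping_argv(target, count=1):
    """Build the argument vector for ping; the target is always a single argv element."""
    count = int(count)
    if not 1 <= count <= 10:  # assumed limit for this example
        raise ValueError("count out of range")
    host = validate_ping_target(target)
    # A leading "-" is already rejected above, so host cannot be read as an option.
    return ["ping", "-c", str(count), host]


def run_ping(target, count=1):
    """Run ping without a shell, so metacharacters are never interpreted."""
    argv = build_ping_argv(target, count)
    return subprocess.run(argv, shell=False, capture_output=True, timeout=15)


if __name__ == "__main__":
    # Constructed sample inputs: two valid targets and three that must be refused.
    for sample in ["10.0.0.5", "storage-01.example.com", "10.0.0.5; id", "$(id)", "-f"]:
        try:
            print(repr(sample), "->", build_ping_argv(sample))
        except ValueError as exc:
            print(repr(sample), "-> rejected:", exc)
```

Validation and shell-free execution are independent layers here: either one alone stops the metacharacter case, and together they also refuse option-like targets such as a leading hyphen.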
Vendor Status:
HP has released patches and workarounds to address this vulnerability.
Patch Availability:
http://www.hp.com/go/p4000downloads
CVE Information:
CVE-2011-4157
Disclosure Timeline:
10/20/2010 Initial Vendor Notification
11/09/2010 Initial Vendor Reply
11/11/2011 Coordinated Public Disclosure