ID

VAR-201412-0023


CVE

CVE-2011-4722


TITLE

Directory traversal vulnerability in the TFTP Server of Ipswitch WhatsUp Gold

Trust: 0.8

sources: JVNDB: JVNDB-2011-005355

DESCRIPTION

Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.

HP Device Manager is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files from the affected system in the context of the application. Information obtained could aid in further attacks. HP Device Manager 4.7 and prior versions are vulnerable.

Ipswitch WhatsUp Gold is a set of unified infrastructure and application monitoring software from Ipswitch in the United States. The software supports the performance management of networks, servers, virtual environments and applications.

TITLE: Ipswitch TFTP Server Directory Traversal Vulnerability
SECUNIA ADVISORY ID: SA47025
VERIFY ADVISORY: http://secunia.com/advisories/47025/
RELEASE DATE: 2011-12-02
DESCRIPTION: Prabhu S Angadi has discovered a vulnerability in Ipswitch TFTP Server, which can be exploited by malicious people to disclose sensitive information.
SOLUTION: Restrict network access to the service.
PROVIDED AND/OR DISCOVERED BY: Prabhu S Angadi, SecPod Research.
ORIGINAL ADVISORY: http://secpod.org/blog/?p=424
Note: the current version of the following document is available here: https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05054714

SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05054714
Version: 1
HPSBGN3547 rev.1 - HP Device Manager, Remote Read Access to Arbitrary Files
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-03-21
Last Updated: 2016-03-21
Potential Security Impact: Remote read access to arbitrary files.
References: CVE-2011-4722, PSR-2015-0273
SUPPORTED SOFTWARE VERSIONS (ONLY impacted versions are listed): HP Device Manager 4.7 and all previous releases, including major releases, minor releases, and service packs.

CVSS 2.0 Base Metrics

Reference        Base Vector                     Base Score
CVE-2011-4722    (AV:N/AC:L/Au:N/C:C/I:N/A:N)    7.8

Information on CVSS is documented in HP Customer Notice: HPSN2008002.

1. Open File Explorer and go to the directory <HPDMInstallPath>\HP Device Manager\Gateway\PxeServer.
2. Right click the file PXEService.exe and select Menu Item Properties.
3. Select the Details tab and check if File version or Product version has any version information.
4. If there is no version information, the PXEService.exe file includes the vulnerability CVE-2011-4722 as mentioned above.

HP has made the following product updates available for the impacted products. To fix this vulnerability, choose ONE of the following resolution methods:

* Resolution 1 - Upgrade HP Device Manager to version 4.7 Service Pack 1 or higher. In these versions, the vulnerability has been fixed.

1. Download PXEService.zip from ftp://ftp.hp.com/pub/hpdm/Patches/CVE-2011-4722/PXEService.zip to a temporary folder.
2. Unzip PXEService.zip to get the PXEService.exe file.
3. Go to Windows Control Panel > Administrative Tools > Services.
4. Stop the HPDM PXEService service, if this service has started.
5. Open File Explorer and go to the directory <HPDMInstallPath>\HP Device Manager\Gateway\PxeServer.
6. Copy the decompressed PXEService.exe file to this folder to overwrite the old PXEService.exe file.
7. Start the "HPDM PXEService" in Windows Services.
REVISION HISTORY Version:1 (rev.1) 21 March 2016 Initial release

Trust: 2.43

sources: NVD: CVE-2011-4722 // JVNDB: JVNDB-2011-005355 // BID: 85783 // BID: 78379 // VULHUB: VHN-52667 // PACKETSTORM: 107476 // PACKETSTORM: 136522

AFFECTED PRODUCTS

vendor: ipswitch
model: tftp server
scope: eq
version: 1.0.0.24

Trust: 2.7

sources: BID: 78379 // JVNDB: JVNDB-2011-005355 // CNNVD: CNNVD-201412-579 // NVD: CVE-2011-4722

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4722
value: HIGH

Trust: 1.0

NVD: CVE-2011-4722
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201412-579
value: HIGH

Trust: 0.6

VULHUB: VHN-52667
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-4722
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-52667
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-52667 // JVNDB: JVNDB-2011-005355 // CNNVD: CNNVD-201412-579 // NVD: CVE-2011-4722

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-52667 // JVNDB: JVNDB-2011-005355 // NVD: CVE-2011-4722

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 136522 // CNNVD: CNNVD-201412-579

TYPE

Input Validation Error

Trust: 0.6

sources: BID: 85783 // BID: 78379

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-005355

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-52667

PATCH

title: Managing the TFTP server
url: http://docs.ipswitch.com/NM/85_WhatsUp%20Gold%20v14.2/03_Help/index.htm?26957.htm?toc.htm

Trust: 0.8

sources: JVNDB: JVNDB-2011-005355

EXTERNAL IDS

db: NVD, id: CVE-2011-4722

Trust: 3.2

db: EXPLOIT-DB, id: 18189

Trust: 2.0

db: SECTRACK, id: 1026368

Trust: 2.0

db: SECUNIA, id: 47025

Trust: 1.8

db: OSVDB, id: 77455

Trust: 1.7

db: XF, id: 71610

Trust: 0.9

db: JVNDB, id: JVNDB-2011-005355

Trust: 0.8

db: CNNVD, id: CNNVD-201412-579

Trust: 0.7

db: BID, id: 85783

Trust: 0.4

db: BID, id: 78379

Trust: 0.4

db: PACKETSTORM, id: 136522

Trust: 0.2

db: SEEBUG, id: SSVID-72382

Trust: 0.1

db: VULHUB, id: VHN-52667

Trust: 0.1

db: PACKETSTORM, id: 107476

Trust: 0.1

sources: VULHUB: VHN-52667 // BID: 85783 // BID: 78379 // JVNDB: JVNDB-2011-005355 // PACKETSTORM: 107476 // PACKETSTORM: 136522 // CNNVD: CNNVD-201412-579 // NVD: CVE-2011-4722

REFERENCES

url:http://secpod.org/blog/?p=424

Trust: 2.9

url:http://www.exploit-db.com/exploits/18189/

Trust: 2.0

url:http://securitytracker.com/id?1026368

Trust: 2.0

url:http://www.osvdb.org/77455

Trust: 1.7

url:http://secunia.com/advisories/47025

Trust: 1.7

url:https://h20565.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c05054714

Trust: 1.4

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/71610

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/71610

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4722

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4722

Trust: 0.8

url:http://www.hp.com

Trust: 0.3

url:http://secunia.com/advisories/47025/#comments

Trust: 0.1

url:http://secunia.com/advisories/47025/

Trust: 0.1

url:http://secunia.com/company/jobs/

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47025

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4722

Trust: 0.1

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.1

url:https://h20565.www2.hp.com/hpsc/doc/public/display?docid=3demr_na-c05054714

Trust: 0.1

url:http://support.hp.com/us/en/subscribe/

Trust: 0.1

sources: VULHUB: VHN-52667 // BID: 85783 // BID: 78379 // JVNDB: JVNDB-2011-005355 // PACKETSTORM: 107476 // PACKETSTORM: 136522 // CNNVD: CNNVD-201412-579 // NVD: CVE-2011-4722

CREDITS

Thomas Sundell, Uppsala University

Trust: 0.3

sources: BID: 85783

SOURCES

db: VULHUB, id: VHN-52667
db: BID, id: 85783
db: BID, id: 78379
db: JVNDB, id: JVNDB-2011-005355
db: PACKETSTORM, id: 107476
db: PACKETSTORM, id: 136522
db: CNNVD, id: CNNVD-201412-579
db: NVD, id: CVE-2011-4722

LAST UPDATE DATE

2025-04-13T23:10:05.417000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-52667, date: 2017-08-29T00:00:00
db: BID, id: 85783, date: 2016-03-21T00:00:00
db: BID, id: 78379, date: 2014-12-27T00:00:00
db: JVNDB, id: JVNDB-2011-005355, date: 2015-01-06T00:00:00
db: CNNVD, id: CNNVD-201412-579, date: 2015-01-04T00:00:00
db: NVD, id: CVE-2011-4722, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-52667, date: 2014-12-28T00:00:00
db: BID, id: 85783, date: 2016-03-21T00:00:00
db: BID, id: 78379, date: 2014-12-27T00:00:00
db: JVNDB, id: JVNDB-2011-005355, date: 2015-01-06T00:00:00
db: PACKETSTORM, id: 107476, date: 2011-12-02T04:32:11
db: PACKETSTORM, id: 136522, date: 2016-04-04T16:44:49
db: CNNVD, id: CNNVD-201412-579, date: 2014-12-27T00:00:00
db: NVD, id: CVE-2011-4722, date: 2014-12-28T02:59:00.047