製品・ソフトウェアに関する情報

JVN脆弱性詳細

HP System Management Homepage にスタックバッファオーバーフローの脆弱性

Title	HP System Management Homepage にスタックバッファオーバーフローの脆弱性
Summary	HP System Management Homepage (SMH) には、スタックバッファオーバーフローの脆弱性が存在します。 HP System Management Homepage には、/proxy/DataValidation の iprange パラメータの処理に問題があり、スタックバッファオーバーフロー (CWE-121) の脆弱性が存在します。
Possible impacts	リモート認証されたユーザにより、サービス運用妨害 (DoS) 攻撃を受ける可能性があります。
Solution	[アップデートする] 開発者が提供する情報をもとに、最新版へアップデートしてください。開発者は本脆弱性の Windows、Linux 用の対策版として System Management Homepage v7.2.1 をリリースしています。 HP System Management http://h18013.www1.hp.com/products/servers/management/agents/index.html [ワークアラウンドを実施する] 以下の回避策を適用することで、本脆弱性の影響を軽減することが可能です。　* アクセスを制限する
Publication Date	Sept. 18, 2013, midnight
Registration Date	Sept. 25, 2013, 10:46 a.m.
Last Update	Sept. 26, 2013, 5:46 p.m.

CVSS2.0 : 警告
Score	4
Vector	AV:N/AC:L/Au:S/C:N/I:N/A:P

Affected System

ヒューレット・パッカード

HP System Management Homepage 7.2.0.14 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2013-4821	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4821
National Vulnerability Database (NVD)
2	CVE-2013-4821	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4821

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
HP
1	HP System Management - Overview & Features	http://h18013.www1.hp.com/products/servers/management/agents/index.html
HP Security Bulletin
2	HPSBMU02900 rev.3 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862

その他

No	Name	URL
JVN
1	JVNVU#99680484	http://jvn.jp/cert/JVNVU99680484/index.html
US-CERT Vulnerability Note
2	VU#895524	http://www.kb.cert.org/vuls/id/895524

Change Log

No	Changed Details	Date of change
0	[2013年09月25日] 掲載 [2013年09月26日] タイトル：内容を更新概要：内容を更新影響を受けるシステム：内容を更新対策：内容を更新ベンダ情報：ヒューレット・パッカード (HP System Management - Overview & Features) を追加参考情報：JVN (JVNVU#99680484) を追加参考情報：US-CERT Vulnerability Note (VU#895524) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2013-4821

Summary	Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors.
Publication Date	Sept. 23, 2013, 7:18 p.m.
Registration Date	Jan. 26, 2021, 3:44 p.m.
Last Update	Nov. 21, 2024, 10:56 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:hp:system_management_homepage:2.1.9-178:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.11.197:a::::::
cpe:2.3:a:hp:system_management_homepage:2.1.2-127:::::::*
cpe:2.3:a:hp:system_management_homepage:6.1.0.102:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.10.186:b::::::
cpe:2.3:a:hp:system_management_homepage:6.1:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.5.146:::::::*
cpe:2.3:a:hp:system_management_homepage:6.2.0:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.11-197:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.14.20:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.2:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.6:::::::*
cpe:2.3:a:hp:system_management_homepage:2.0.2:::::::*
cpe:2.3:a:hp:system_management_homepage:3.0.2-77:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.12.201:::::::*
cpe:2.3:a:hp:system_management_homepage:6.3.0:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.8-177:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.8.179:::::::*
cpe:2.3:a:hp:system_management_homepage:3.0.1:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.15.210:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.4-143:::::::*
cpe:2.3:a:hp:system_management_homepage:2.2.6:::::::*
cpe:2.3:a:hp:system_management_homepage:3.0.0:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.0-103:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.11:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.6.156:::::::*
cpe:2.3:a:hp:system_management_homepage:3.0.0.64:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.12-118:::::::*
cpe:2.3:a:hp:system_management_homepage:2.0.1.104:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.1:::::::*
cpe:2.3:a:hp:system_management_homepage::::::::		7.2
cpe:2.3:a:hp:system_management_homepage:2.1.8:::::::*
cpe:2.3:a:hp:system_management_homepage:2.0.0:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.0.121:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.14:::::::*
cpe:2.3:a:hp:system_management_homepage:7.0:::::::*
cpe:2.3:a:hp:system_management_homepage:3.0.1-73:::::::*
cpe:2.3:a:hp:system_management_homepage:3.0.1.73:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.0-103\(a\):::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.5.146:b::::::
cpe:2.3:a:hp:system_management_homepage:2.0.1:::::::*
cpe:2.3:a:hp:system_management_homepage:6.0.0.96:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.0-109:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.7.168:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.5-146:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.12-200:::::::*
cpe:2.3:a:hp:system_management_homepage:3.0.2.77:b::::::
cpe:2.3:a:hp:system_management_homepage:2.1.0-118:::::::*
cpe:2.3:a:hp:system_management_homepage:3.0.2.77:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.10.186:::::::*
cpe:2.3:a:hp:system_management_homepage:2.2.8:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.9:::::::*
cpe:2.3:a:hp:system_management_homepage:6.2.2.7:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.5:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.3:::::::*
cpe:2.3:a:hp:system_management_homepage:6.0.0-95:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.2.127:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.3.132:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.7:::::::*
cpe:2.3:a:hp:system_management_homepage:7.1:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.6-156:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.15:::::::*
cpe:2.3:a:hp:system_management_homepage:2.0.2.106:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.7-168:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.10:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.10.186:c::::::
cpe:2.3:a:hp:system_management_homepage:2.1:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.10-186:::::::*
cpe:2.3:a:hp:system_management_homepage:3.0.2:::::::*
cpe:2.3:a:hp:system_management_homepage:3.0.0-68:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.4:::::::*
cpe:2.3:a:hp:system_management_homepage:6.3.1:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.4.143:::::::*
cpe:2.3:a:hp:system_management_homepage:6.1.0-103:::::::*
cpe:2.3:a:hp:system_management_homepage:6.0:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.15-210:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.kb.cert.org/vuls/id/895524	US Government Resource
2	http://www.kb.cert.org/vuls/id/895524	US Government Resource
3	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862	Vendor Advisory
4	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862	Vendor Advisory
5	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862	Vendor Advisory
6	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862	Vendor Advisory

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:hp:system_management_homepage:2.1.9-178:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.11.197:a::::::
cpe:2.3:a:hp:system_management_homepage:2.1.2-127:::::::*
cpe:2.3:a:hp:system_management_homepage:6.1.0.102:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.10.186:b::::::
cpe:2.3:a:hp:system_management_homepage:6.1:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.5.146:::::::*
cpe:2.3:a:hp:system_management_homepage:6.2.0:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.11-197:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.14.20:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.2:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.6:::::::*
cpe:2.3:a:hp:system_management_homepage:2.0.2:::::::*
cpe:2.3:a:hp:system_management_homepage:3.0.2-77:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.12.201:::::::*
cpe:2.3:a:hp:system_management_homepage:6.3.0:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.8-177:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.8.179:::::::*
cpe:2.3:a:hp:system_management_homepage:3.0.1:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.15.210:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.4-143:::::::*
cpe:2.3:a:hp:system_management_homepage:2.2.6:::::::*
cpe:2.3:a:hp:system_management_homepage:3.0.0:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.0-103:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.11:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.6.156:::::::*
cpe:2.3:a:hp:system_management_homepage:3.0.0.64:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.12-118:::::::*
cpe:2.3:a:hp:system_management_homepage:2.0.1.104:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.1:::::::*
cpe:2.3:a:hp:system_management_homepage::::::::		7.2
cpe:2.3:a:hp:system_management_homepage:2.1.8:::::::*
cpe:2.3:a:hp:system_management_homepage:2.0.0:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.0.121:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.14:::::::*
cpe:2.3:a:hp:system_management_homepage:7.0:::::::*
cpe:2.3:a:hp:system_management_homepage:3.0.1-73:::::::*
cpe:2.3:a:hp:system_management_homepage:3.0.1.73:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.0-103\(a\):::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.5.146:b::::::
cpe:2.3:a:hp:system_management_homepage:2.0.1:::::::*
cpe:2.3:a:hp:system_management_homepage:6.0.0.96:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.0-109:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.7.168:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.5-146:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.12-200:::::::*
cpe:2.3:a:hp:system_management_homepage:3.0.2.77:b::::::
cpe:2.3:a:hp:system_management_homepage:2.1.0-118:::::::*
cpe:2.3:a:hp:system_management_homepage:3.0.2.77:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.10.186:::::::*
cpe:2.3:a:hp:system_management_homepage:2.2.8:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.9:::::::*
cpe:2.3:a:hp:system_management_homepage:6.2.2.7:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.5:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.3:::::::*
cpe:2.3:a:hp:system_management_homepage:6.0.0-95:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.2.127:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.3.132:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.7:::::::*
cpe:2.3:a:hp:system_management_homepage:7.1:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.6-156:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.15:::::::*
cpe:2.3:a:hp:system_management_homepage:2.0.2.106:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.7-168:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.10:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.10.186:c::::::
cpe:2.3:a:hp:system_management_homepage:2.1:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.10-186:::::::*
cpe:2.3:a:hp:system_management_homepage:3.0.2:::::::*
cpe:2.3:a:hp:system_management_homepage:3.0.0-68:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.4:::::::*
cpe:2.3:a:hp:system_management_homepage:6.3.1:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.4.143:::::::*
cpe:2.3:a:hp:system_management_homepage:6.1.0-103:::::::*
cpe:2.3:a:hp:system_management_homepage:6.0:::::::*
cpe:2.3:a:hp:system_management_homepage:2.1.15-210:::::::*