发布日期：2001-03-29
更新日期：2001-03-29

受影响系统：

    Compaq Availability Agents 1.0
    Compaq Compaq Foundation Agents 4.90B
    Compaq Compaq Foundation Agents 4.90
    Compaq Compaq Foundation Agents 4.8
    Compaq Compaq Foundation Agents 4.7
    Compaq Compaq Foundation Agents 4.0
    Compaq Enterprise Volume Manager/Command Scripter 1.1
    Compaq Enterprise Volume Manager/Command Scripter 1.0
    Compaq Insight Management Agents 4.30B
    Compaq Insight Management Agents 4.30A
    Compaq Insight Management Agents 4.22A
    Compaq Insight Management Agents 4.21A
    Compaq Insight Management Agents 3.70
    Compaq Insight Management Desktop Web Agents 3.7
    Compaq Insight Manager LC 1.50A
    Compaq Insight Manager LC 1.3c
    Compaq Insight Manager XE 2.1
    Compaq Insight Manager XE 1.21
    Compaq Insight Manager XE 1.0
    Compaq Intelligent Cluster Administrator 2.1
    Compaq Intelligent Cluster Administrator 1.0
    Compaq Management Agents 4.37E
    Compaq Management Agents 4.36j
    Compaq Management Agents 4.36E
    Compaq Management Agents 4.35j
    Compaq Management Agents 4.30j
    Compaq Management Agents for Netware 2.28
       - Novell Netware 5.1
       - Novell Netware 5.0
    Compaq Management Agents for Workstations 4.20B
    Compaq Management Agents for Workstations 4.20A
    Compaq Open SAN Manager 1.0
    Compaq Storage Allocation Reporter 1.0
    Compaq Survey Utility 2.33
    Compaq Survey Utility 2.23
    Compaq Survey Utility 2.2
    Compaq Survey Utility 2.18
    Compaq Survey Utility 2.17
    Compaq System Healthcheck 3.0.1
    Compaq System Healthcheck 3.0

描述：

---

BUGTRAQ ID: 2500

部分Compaq产品通过TCP/2301提供了一个管理界面，远程用户可以通过HTTP协议和标
准浏览器使用这个管理界面。为此，Compaq的防火墙、代理服务器缺省允许目标端口
是2301的TCP报文通过。这使得远程攻击者有机会渗透进入被Compaq的防火墙、代理
服务器保护着的内部网络。

<* 来源：Brewis Mark (mark.brewis@edl.uk.eds.com) *>




建议：

---

临时解决方法：

NSFOCUS建议您在防火墙上封锁2301端口的连接。

厂商补丁：

厂商提供了两个补丁
ftp://ftp.compaq.com/pub/softpaq/sp16001-16500/

浏览次数：4040
严重程度：0（网友投票）