Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Phenoelit Advisory #0815 +--

From: kim0 <kim0 () phenoelit de>
Date: Sat, 27 Jul 2002 15:53:14 +0200

--
           kim0   <kim0 () phenoelit de>
       Phenoelit (http://www.phenoelit.de)
90C0 969C EC71 01DC 36A0  FBEF 2D72 33C0 77FC CD42

Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 +-->

[ Authors ]
        FX              <fx () phenoelit de>
        FtR             <ftr () phenoelit de>
        kim0            <kim0 () phenoelit de>  
        DasIch          <DasIch () phenoelit de>

        Phenoelit Group (http://www.phenoelit.de)
        Advisory        http://www.phenoelit.de/stuff/HP_Chai.txt

[ Affected Products ]
        Hewlett Packard (HP) ChaiVM
                        HP 9000
                        HP 4100
                        HP 45nn
                        HP 8150
                        Possibly others using ChaiVM

        HP Bug ID:              Not assigned
        CERT Vulnerability ID: 780747

[ Vendor communication ]
        06/29/02        Initial Notification, security-alert () hp com
                        *Note-Initial notification by phenoelit
                        includes a cc to cert () cert org by default
        06/29/02        RBL blocked delivery to security-alert () hp com
        06/29/02        Creation of ho-mail acocunt and resend
        06/29/02        Auto-responder reply
        07/01/02        Human contact, PGP exchange and ack.
        07/01/02        Clarification of some details w/HP Sec people
        07/19/02        Notification of intent to post publically in
                        apx. 7 days.
        07/23/02        Coordination for release date/times

[ Overview ]
        ChaiVM is used in networked appliances such as printers, mobile 
        computing devices, and other mobile or fixed networked embedded hardware.
        
[ Description ]
        Two vulnerabilites exist.       
        1. Access to the file system hosting ChaiVM will allow any user to 
        add, delete, or modify services hosted by the ChaiServer. 
        This is especially appliciable in cases where the file is accessible 
        through the network using PJL.

        2. The default loader (this.loader) will verify JAR signatures.  
        HP released an advanced loader (EZloader, this.ez), which in turn, 
        is signed by HP and does not verify signatures for new services.

        The result of these vulnerabilites will allow any network user to 
        add additional Chai Services.

[ Example ]
        Sample (exploit) code to be released after 30 July 2002 on site.

[ Solution ]

        None known at this time. 

[ end of file ]
Previous By Date Next
Previous By Thread Next

Current thread: