Digital Defense has posted a couple of vulnerabilities in some pretty popular and common products that customers and colleagues may want to be aware of. I would recommend assessing the relevance of these disclosures to your environments and taking mitigating action where appropriate. Consider the potential for insider as well as external attack. The information and access that either of these two vulnerabilities offers is just too yummy for a malicious or driven attacker to pass up.
1) SolarWinds Storage Manager Server SQL Injection Authentication Bypass
Vulnerability Description: The ‘LoginServlet’ page on port 9000 of the SolarWinds Storage Manager Server is vulnerable to a SQL injection within the ‘loginName’ field. An attacker can leverage this flaw to bypass authentication to the Storage Manager application or to execute arbitrary SQL commands and extract sensitive information from the backend database using standard SQL exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host operating system.
SolarWinds has not yet provided a patch to address the issue. Digital Defense, Inc. recommends restricting access to the affected port until an update has been produced by the vendor.
2) HP JetDirect Device Page Directory Traversal (CVE-2011-4785)
Vulnerability Description: The HP-ChaiSOE/1.0 embedded web server on certain HP JetDirect printers allows a potential attacker to gain read-only access to directories and files outside of the web root. An attacker can leverage this flaw to read arbitrary system configuration files, cached documents, etc. Information obtained from an affected host may facilitate further attacks against the host. Exploitation of this flaw is trivial using common web server directory traversal techniques.
- HP LaserJet 4650
- HP LaserJet P3015
- HP LaserJet 2430
At this time, HP has been notified of the vulnerability and has released a patch which addresses the issue for HP LaserJet P3015.
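For printers that cannot be patched yet, one way to watch for the directory traversal class described in item 2 is to review web or proxy logs for request paths that climb above the web root. The following is an added example, not code from Digital Defense or HP; the log format (Common Log Format), the sample lines, and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (Common Log Format); addresses and paths are illustrative only.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Dec/2011:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.9 - - [12/Dec/2011:10:01:07 +0000] "GET /docs/../status.html HTTP/1.1" 200 830
10.0.0.23 - - [12/Dec/2011:10:02:11 +0000] "GET /../../placeholder.cfg HTTP/1.1" 200 1024
10.0.0.23 - - [12/Dec/2011:10:02:15 +0000] "GET /%2e%2e/%2e%2e/placeholder.cfg HTTP/1.1" 404 0
10.0.0.31 - - [12/Dec/2011:10:03:40 +0000] "GET /img/%252e%252e%255c%252e%252e/placeholder.cfg HTTP/1.1" 200 77
"""

# client address, request target, HTTP status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')


def escapes_root(target: str, max_decodes: int = 3) -> bool:
    """Return True if the request path would resolve above the web root."""
    path = target.split("?", 1)[0]
    # Undo nested percent-encoding (e.g. %252e -> %2e -> '.'), bounded to avoid loops.
    for _ in range(max_decodes):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    depth = 0
    # Treat backslashes as separators, since some servers accept both.
    for segment in path.replace("\\", "/").split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:  # climbed above the root
                return True
        else:
            depth += 1
    return False


def flag_traversal(log_text: str):
    """Return (client, target, status) for every request that escapes the root."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and escapes_root(m.group(2)):
            hits.append((m.group(1), m.group(2), int(m.group(3))))
    return hits


if __name__ == "__main__":
    for client, target, status in flag_traversal(SAMPLE_LOG):
        print(f"{client} status={status} {target}")
```

A flagged request that returned 200 deserves attention first, since the server may have served a file from outside the web root; `/docs/../status.html` is deliberately not flagged because it stays inside the root.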