CERTA-2004-AVI-177

Vulnerability from certfr_avis - Published: - Updated:

Au moyen d'un paquet habilement constitué, un utilisateur distant mal intentionné peut arrêter iLO.

Description

Integrated Lights-Out (iLO) est une solution matérielle et logicielle permettant la supervision à distance des serveurs Proliant.

Selon HP, l'envoi d'un paquet à destination du port zero provoque un déni de service par arrêt d'iLO.

Solution

Se référer au bulletin de sécurité du constructeur pour l'obtention du correctif (cf. section Documentation).

Firmwares antérieurs à la version 1.55.

Impacted products
Vendor Product Description
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eFirmwares ant\u00e9rieurs \u00e0 la version 1.55.\u003c/p\u003e",
  "content": "## Description\n\nIntegrated Lights-Out (iLO) est une solution mat\u00e9rielle et logicielle\npermettant la supervision \u00e0 distance des serveurs Proliant.\n\nSelon HP, l\u0027envoi d\u0027un paquet \u00e0 destination du port zero provoque un\nd\u00e9ni de service par arr\u00eat d\u0027iLO.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 du constructeur pour l\u0027obtention du\ncorrectif (cf. section Documentation).\n",
  "cves": [],
  "links": [
    {
      "title": "Integrated Lights-Out Standard :",
      "url": "http://h18013.www1.hp.com/products/servers/management/ilo"
    }
  ],
  "reference": "CERTA-2004-AVI-177",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-05-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Au moyen d\u0027un paquet habilement constitu\u00e9, un utilisateur distant mal\nintentionn\u00e9 peut arr\u00eater iLO.\n",
  "title": "Vuln\u00e9rabilit\u00e9 d\u0027iLO pour les serveurs ProLiant",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HPSBMA01046 de HP",
      "url": "http://itrc.hp.com"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.