http://www.heise-security.co.uk/news/92308

German security service provider RedTeam Pentesting has reported vulnerabilities in Fujitsu Siemens products that may compromise server security. For instance, the ServerView management tool exhibits a critical flaw in a CGI script that might allow attackers to execute arbitrary commands on the server. The bug resides in the script DBAsciiAccess, which offers a ping functionality for network checks. An IP address can be entered as parameter that is forwarded to the ping tool without proper sanitization. Simply adding a semicolon to the address is sufficient to allow arbitrary shell commands to be appended, which will be executed with the privileges of the web server.

If you’re using Fujitsu servers/blades, it might be worth checking their site or speaking with their support team; it might not be something to worry about.
Do consider that you need to balance the risk against functionality, and that with the right sign-off (that I accept liability, I secure the server infrastructure) it’s a cost of doing business.
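
The flaw described in the report is a classic shell command injection: the address parameter reaches `ping` through a shell without validation. The following is an added example, not code from ServerView or from the advisory; the function names are hypothetical and the `ping -c 1` invocation assumes a Linux-style `ping`. It contrasts the vulnerable pattern with a handler that parses the input as an IPv4 address and passes it as a single argv element with no shell involved.

```python
import ipaddress
import subprocess


def unsafe_ping_command(addr: str) -> str:
    """Vulnerable pattern: the raw parameter is concatenated into a shell string.

    If this string is handed to a shell, a ';' in addr ends the ping command
    and whatever follows is run as a second command.
    """
    return "ping -c 1 " + addr


def validated_ping_argv(addr: str) -> list:
    """Hardened pattern: accept only a literal IPv4 address, build an argv list.

    IPv4Address raises ValueError for anything that is not four decimal octets,
    so separators, spaces, option-like values ("-f") and hostnames are rejected.
    The canonical string form is used, never the raw input.
    """
    ip = ipaddress.IPv4Address(addr)
    return ["ping", "-c", "1", str(ip)]


def is_accepted(addr: str) -> bool:
    """True if the handler would run ping for this input."""
    try:
        validated_ping_argv(addr)
        return True
    except ValueError:
        return False


def ping(addr: str, timeout: int = 5):
    """Run ping without a shell; returns the exit code, or None if rejected."""
    try:
        argv = validated_ping_argv(addr)
    except ValueError:
        return None
    # A list argument with the default shell=False means no shell parses the input.
    return subprocess.run(argv, capture_output=True, timeout=timeout).returncode


if __name__ == "__main__":
    # Constructed sample inputs, for illustration only.
    for sample in ["192.0.2.10", "192.0.2.10; id", "-f", "example.test"]:
        print(repr(sample), "accepted" if is_accepted(sample) else "rejected")
```

Running the web server and its CGI scripts under a low-privilege account limits the impact if a similar flaw is missed, since injected commands run with the web server's privileges.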
