http://www.heise-security.co.uk/news/92308

German security service provider RedTeam Pentesting has reported vulnerabilities in Fujitsu Siemens products that may compromise server security. For instance, the ServerView management tool exhibits a critical flaw in a CGI script that might allow attackers to execute arbitrary commands on the server. The bug resides in the script DBAsciiAccess, which offers a ping function for network checks. An IP address can be entered as a parameter that is forwarded to the ping tool without proper sanitization. Simply adding a semicolon to the address is sufficient to allow arbitrary shell commands to be appended, which will be executed with the privileges of the web server.

If you’re using Fujitsu servers/blades it might be worth checking their site or speaking with their support team; it might not be something to worry about.
Do consider that you need to balance the risk against functionality, and that with the right sign-off (I accept the liability, I secure the server infrastructure) it’s a cost of doing business.
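The flaw described above is a classic command-injection pattern: a user-supplied address concatenated into a shell command line. The following is an added example (not code from ServerView, RedTeam or heise; the function names are assumed) showing the unsafe string-building pattern beside a hardened version that accepts only a single IP literal and passes it to ping as an argv element without a shell.

```python
"""Unsafe vs. hardened handling of a user-supplied ping target.
Added example; not the ServerView/DBAsciiAccess code. Function
names are assumed, and the ping flags are Linux/BSD style."""
import ipaddress
import subprocess
from typing import List, Optional


def unsafe_ping_cmdline(raw: str) -> str:
    """The vulnerable pattern: the parameter is spliced into a shell
    command string, so ';' and other shell syntax are interpreted.
    Returned for illustration only; never executed here."""
    return "ping -c 1 " + raw


def parse_target(raw: str) -> Optional[str]:
    """Return the canonical address if raw is exactly one IPv4/IPv6
    literal, else None. ipaddress.ip_address() rejects anything that
    is not an address, so a trailing ';' or a second token never
    survives validation."""
    try:
        return str(ipaddress.ip_address(raw.strip()))
    except ValueError:
        return None


def build_ping_argv(raw: str) -> List[str]:
    """Build ping's argv as a list. Raises on invalid input so a caller
    cannot forget the check. A validated IP literal can never start
    with '-', so it cannot be misread as an option either."""
    target = parse_target(raw)
    if target is None:
        raise ValueError("not a valid IP address")
    return ["ping", "-c", "1", target]


def run_ping(raw: str) -> int:
    """Run ping without a shell (shell=False is subprocess's default);
    the target reaches ping as one argv element, so shell
    metacharacters are inert. Returns ping's exit status."""
    completed = subprocess.run(build_ping_argv(raw),
                               capture_output=True, check=False)
    return completed.returncode
```

Rejecting the request outright on validation failure is preferable to "escaping" the input, since an allow-list of one address literal leaves no room for interpretation.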



