HP Web JetAdmin Multiple Vulnerabilities
Secunia Advisory: SA11213
Release Date: 2004-03-25
Impact: System access
Where: From local network
Software: HP Web Jetadmin 7.x
Some vulnerabilities have been reported in HP Web JetAdmin, allowing malicious people to compromise a vulnerable system.
1) It is possible to upload HTS files using "/plugins/hpjwja/script/devices_update_printer_fw_upload.hts". Uploaded files will be placed in "/plugins/hpjwja/firmware/printer/".
2) Input to the "setinclude" parameter in "/plugins/hpjdwm/script/test/setinfo.hts" isn't properly verified. This can be exploited to read arbitrary files and execute arbitrary HTS files by conducting a directory traversal attack using the classic "../" character sequence.
3) It is possible to inject commands, which will be executed when the service is restarted. An example that adds a new administrative user has been provided.
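As an added example (not part of this advisory and not HP's own code), the following Python script scans HTTP access-log lines for requests matching issues 1 and 2 above: POSTs to the firmware upload script, and "setinclude" values that resolve outside the directory of setinfo.hts, including backslash, absolute-path and double-URL-encoded variants. The combined log format, the sample lines and the assumption that legitimate includes live beside setinfo.hts are assumptions of this example.

```python
"""Scan access-log lines for the HTS upload and 'setinclude' traversal
requests described in the advisory.

Added example: the log lines below are constructed for illustration and
the log format assumed is Common/Combined Log Format. Nothing here talks
to a Web JetAdmin host.
"""
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

UPLOAD_SCRIPT = "/plugins/hpjwja/script/devices_update_printer_fw_upload.hts"
SETINFO_SCRIPT = "/plugins/hpjdwm/script/test/setinfo.hts"
# Assumption of this example: legitimate includes live beside setinfo.hts.
SETINFO_DIR = posixpath.dirname(SETINFO_SCRIPT)

# client, ident, user, [timestamp], "METHOD target PROTOCOL"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)


def repeated_unquote(value, rounds=3):
    """Decode %-encoding until it stops changing (catches %252e%252e)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    return value


def include_escapes(include_value, base_dir=SETINFO_DIR):
    """True if a 'setinclude' value would resolve outside base_dir.

    Backslashes are treated as separators (the server runs on Windows),
    absolute paths are rejected outright, and '../' is resolved with
    normpath so 'sub/../x.hts' is still accepted as in-directory.
    """
    cleaned = repeated_unquote(include_value).replace("\\", "/")
    if cleaned.startswith("/"):
        return True
    resolved = posixpath.normpath(posixpath.join(base_dir, cleaned))
    return not (resolved == base_dir or resolved.startswith(base_dir + "/"))


def classify(line):
    """Return 'hts-upload', 'setinclude-traversal' or None for one line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    path = posixpath.normpath(repeated_unquote(parts.path).replace("\\", "/"))
    if path == UPLOAD_SCRIPT and m.group("method") == "POST":
        return "hts-upload"
    if path == SETINFO_SCRIPT:
        params = parse_qs(parts.query, keep_blank_values=True)
        if any(include_escapes(v) for v in params.get("setinclude", [])):
            return "setinclude-traversal"
    return None


def scan(lines):
    """Return (client_ip, label) for every flagged line, in log order."""
    findings = []
    for line in lines:
        label = classify(line)
        if label:
            findings.append((LOG_RE.match(line).group("ip"), label))
    return findings


# Constructed sample log: one benign include, a plain traversal, a
# double-encoded traversal, a POST to the upload script, and a GET of it.
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Mar/2004:10:12:01 +0000] "GET /plugins/hpjdwm/script/test/setinfo.hts?setinclude=header.hts HTTP/1.1" 200 1423',
    '10.0.0.9 - - [25/Mar/2004:10:13:44 +0000] "GET /plugins/hpjdwm/script/test/setinfo.hts?setinclude=../../../../../boot.ini HTTP/1.1" 200 389',
    '10.0.0.9 - - [25/Mar/2004:10:14:02 +0000] "GET /plugins/hpjdwm/script/test/setinfo.hts?setinclude=%252e%252e%252f%252e%252e%252fwinnt%252fwin.ini HTTP/1.1" 200 612',
    '10.0.0.9 - - [25/Mar/2004:10:15:30 +0000] "POST /plugins/hpjwja/script/devices_update_printer_fw_upload.hts HTTP/1.1" 200 77',
    '10.0.0.5 - - [25/Mar/2004:10:16:00 +0000] "GET /plugins/hpjwja/script/devices_update_printer_fw_upload.hts HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, label in scan(SAMPLE_LOG):
        print(f"{ip}\t{label}")
```

Every POST to the upload script is flagged because the log line alone cannot show what was uploaded; confirm on the host by checking "/plugins/hpjwja/firmware/printer/" for files with an .hts extension, which no firmware update should leave there. Since the advisory's only mitigation is access restriction, a hit from an address outside the management network is the finding to escalate.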
The vulnerabilities have been reported in version 7.5.2546 and prior.
Solution:
Restrict access to ensure that only trusted users can connect to the service.
Provided and/or discovered by:
1 and 2 reported by wirepair
3 reported by H D Moore