[VIM] HP lingo or one hell of a hack?

Steven M. Christey coley at linus.mitre.org
Fri Aug 12 19:19:19 EDT 2005


> VULNERABILITY SUMMARY:
> A potential vulnerability has been identified with the HP ProLiant
> DL585 server, where a remote unauthorized user may gain access to
> the server controls, when the server is powered down.

Yeah, I noticed this too :)

My guess is that the server has some sort of "wakeup" functionality.

Or do they mean "after it has been injected, the exploit's payload is only
activated when the server powers itself down."

I also don't understand what a "remote unauthorized user" is.  Are they
authenticated to the powered-off system in some way?  Or could it be just
anybody with a network connection to the server?

I wonder how somebody could go about assigning a CVSS score for this ;-)

- Steve


More information about the VIM mailing list