IOActive Security Advisory

Title:		Multiple Remote Vulnerabilities in Mercury SiteScope
Severity:	Critical

Date Discovered:	10.05.2006
Date Reported:		05.21.2007
Date Disclosed:		09.20.2007

Affected Products:
	Mercury SiteScope - All Versions

Synopsis:
	IOActive has discovered multiple critical vulnerabilities within the
Mercury SiteScope server monitoring software, some of which 	allow for
complete remote compromise of the entire monitored network, as well as
arbitrary code execution on all servers managed by the SiteScope
software. It is stressed that, by design, the compromise of a single
SiteScope node, or the server side, allows for the compromise of every
server on the network with the SiteScope agent active.

	IOActive is coordinating with the owners of this product, Hewlett
Packard, in order to expediently provide remediation patches for all
effected versions of the system. As such, technical details will not be
released with this advisory.

Description:
	Pending patch release.

Technical Details:
	Pending patch release.

Remediation:
	A full patch for the vulnerabilities discovered by IOActive is
currently in development by Hewlett Packard.