HP Power Manager 'formExportDataLogs' Buffer Overflow

2011.10.29
Credit: metasploit
Risk: High
Local: No
Remote: Yes
CWE: CWE-119


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01971741
Version: 1

HPSBMA02485 SSRT090252 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2010-01-19
Last Updated: 2010-01-19

Potential Security Impact: Remote execution of arbitrary code

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Power Manager. The vulnerabilities could be exploited remotely to execute arbitrary code.

References: CVE-2009-3999, CVE-2009-4000

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Power Manager earlier than v4.2.10

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                     Base Score
CVE-2009-3999    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2009-4000    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

The Hewlett-Packard Company thanks Alin Rad Pop of Secunia Research for reporting these vulnerabilities to security-alert@hp.com.

RESOLUTION
HP has made the following available to resolve the vulnerabilities.

HP Power Manager 4.2.10 or subsequent

HP Power Manager 4.2.10 is available for download from
http://h18004.www1.hp.com/products/servers/proliantstorage/power-protection/software/power-manager/pm3-dl.html

PRODUCT SPECIFIC INFORMATION
None

HISTORY
Version:1 (rev.1) - 19 January 2010 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows:
  To: security-alert@hp.com
  Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
  - check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
  - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

Copyright 2009 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

References:

http://www.securityfocus.com/bid/37867
http://securitytracker.com/id?1023470
http://secunia.com/secunia_research/2009-47/
http://secunia.com/advisories/37280
http://marc.info/?l=bugtraq&m=126393370331959&w=2


Copyright 2019, cxsecurity.com

 
