OSVDB ID: 13843

Title: HP Web-enabled Management Software HTTP Server Remote Overflow

Info

Dates

Disclosure: Feb 15, 2005
Discovery: Feb 14, 2005
Exploit: Unknown
Solution: Unknown

Description

A remote overflow exists in the HP Web-enabled Management Software HTTP server, running any Web Based Enterprise Management Agent or Utility that resides on TCP port 2301. The server fails to validate user-supplied input, resulting in a buffer overflow. With a specially crafted request, an attacker can cause a denial of service condition (server crash) or potentially execute arbitrary code.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 5.96 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s):

Download the patch file from HP; the file is a self-extracting executable with a filename based on the Smart Component Number. Place all the associated files listed below in a single directory on your hard drive.

SP29008.txt
patchweb.bat
findver.exe
regtool.exe
strexp.exe
cpqhmmo2.fre
cpqlogin.frm
cpqopts.frm

From a DOS command shell, change to that drive and directory and type:

    patchweb patch

This will replace the necessary files.

Products

Hewlett-Packard Development Company, L.P.

HP Insight Management Agents: 5.3, 5.4, 5.5, 6.0
Insight Manager: 7
Version Control Agents: 1.0
HP Version Control Repository Agent: Unknown or Unspecified
Array Configuration Utility: Unknown or Unspecified
Performance Management Pack: Unknown or Unspecified
Performance Management Pack Tools: Unknown or Unspecified
ProLiant Performance Analyzer: Unknown or Unspecified

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/36218