HP Intelligent Management Center is prone to an overflow condition. The tftpserver.exe component fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted TFTP packet accompanying a 0x03 (DATA) or 0x05 (ERROR) opcode sent to UDP port 69, a remote attacker can potentially execute arbitrary code.

Currently, there are no known workarounds or upgrades to correct this issue. However, HP has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

• CVE ID: 2011-1852 (see also: NVD)
• Secunia Advisory ID: 44556
• Bugtraq ID: 47789
• Related OSVDB ID: 72391 72392 72393 72394 72396 72397
• Vendor Specific Solution URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750
• Mail List Post: http://seclists.org/bugtraq/2011/May/82
  http://seclists.org/bugtraq/2011/May/83
• Other Advisory URL: http://www.alertlogic.com/analysis-of-cve-2011-1852-buffer-overflow-in-hp-intelligent-management-center-tftp-server/
  http://www.zerodayinitiative.com/advisories/ZDI-11-164/

• Luigi Auriemma - Zero Day Initiative (ZDI)