OSVDB ID: 84857

Title: HP Intelligent Management Center img.exe Malformed Packet Parsing Remote Overflow

Info

Disclosure

Aug 22, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Aug 29, 2012

Description

HP Intelligent Management Center is prone to an overflow condition. The img.exe component fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted packet, a remote attacker can potentially execute arbitrary code.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Private
Disclosure: Vendor Verified, Uncoordinated Disclosure

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, HP has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

Products

Hewlett-Packard Development Company, L.P.

Intelligent Management Center

Unspecified

References

Security Tracker: 1027431
CVE ID: 2012-3253 (see also: NVD)
Secunia Advisory ID: 50328
Related OSVDB ID: 84856
Vendor URL: http://h17007.www1.hp.com/us/en/products/network-management/IMC_ES_Platform/index.aspx
Vendor Specific Advisory URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03473459
http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03473459
Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-12-164/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/84857