HP Operations Agent Opcode 0x34 vulnerability

Added: 08/06/2012
CVE: CVE-2012-2019
BID: 54362
OSVDB: 83673

Background

HP Operations Agents is a fault and performance monitoring solution for servers.

Problem

A buffer overflow vulnerability in the coda.exe process, which listens on a random TCP port, could allow remote attackers to execute arbitrary code by sending a specially crafted GET request.

Resolution

Apply the patch referenced in HPSBMU02796 SSRT100594.

References

http://www.zerodayinitiative.com/advisories/ZDI-12-114/

Limitations

Exploit works on HP Operations Agent 11.00.

Platforms

Windows

Back to exploit index