HP Diagnostics Server magentservice.exe Integer Wrap

Added: 01/26/2012
CVE: CVE-2011-4789
BID: 51398
OSVDB: 78309

Background

HP Diagnostics software monitors application transaction health in traditional, virtualized and cloud environments.

Problem

A vulnerability exists in the way the magentservice.exe service handles network requests. Subtraction is applied to part of the packet to determine how much memory to allocate. If a message is crafted such that an integer wrap occurs during this subtraction, a stack overflow may occur, which may allow an attacker to gain execution control.

Resolution

A patch is not available at the time of publication. Limit access to TCP port 23472.

References

http://www.zerodayinitiative.com/advisories/ZDI-12-016/

Limitations

This exploit has been tested against HP Diagnostics Server 9.10 on Windows Server 2003 SP2 English (DEP OptOut) with KB956802 and KB2393802.

Exploit requires the IO-Socket-SSL PERL module to be installed on the scanning host. This module is available from http://www.cpan.org/modules/by-module/IO/.

Platforms

Windows

Back to exploit index