HP Diagnostics magentservice.exe Malformed Packet Parsing Vulnerability

Added: 10/12/2012
BID: 55159
OSVDB: 84855

Background

HP Diagnostics software monitors application transaction health in traditional, virtualized and cloud environments.

Problem

HP Diagnostics Server has a buffer overflow vulnerability in the magentservice.exe process that could allow unauthenticated remote attackers to execute arbitrary code in the context of the SYSTEM user. The magentservice.exe process listens on port 23472 by default.

Resolution

A patch is not available at the time of publication. Limit access to TCP port 23472.
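
One way to check that the access restriction is in effect on the Diagnostics Server host, added here as an example and not part of the original advisory: the script reads `netstat -ano` output and reports listeners on port 23472 that are not bound to loopback, along with established peers outside an allowlist. The sample output, the allowlist network and the function names are assumptions made for illustration.

```python
import ipaddress

PORT = 23472  # default magentservice.exe port, per the advisory

# Constructed `netstat -ano` output (Windows format); addresses and PIDs are made up.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    0.0.0.0:23472          0.0.0.0:0              LISTENING       2044
  TCP    10.1.5.20:23472        10.1.5.31:49812        ESTABLISHED     2044
  TCP    10.1.5.20:23472        192.0.2.77:51544       ESTABLISHED     2044
  TCP    10.1.5.20:3389         10.1.5.31:49900        ESTABLISHED     1180
"""

# Assumed allowlist: networks that legitimately need to reach the service.
ALLOWED = [ipaddress.ip_network("10.1.5.0/24")]


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4) or '[addr]:port' (IPv6) into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]").split("%")[0], port


def audit(netstat_text, allowed=ALLOWED, port=PORT):
    """Return (exposed_listeners, unexpected_peers) for the given port."""
    exposed, unexpected = [], []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "TCP":
            continue
        _, local, remote, state, pid = fields[:5]
        laddr, lport = split_endpoint(local)
        if lport != str(port):
            continue
        if state == "LISTENING":
            # Wildcard or non-loopback bind: reachable unless a firewall blocks it.
            if not ipaddress.ip_address(laddr).is_loopback:
                exposed.append((laddr, pid))
        elif state == "ESTABLISHED":
            peer = ipaddress.ip_address(split_endpoint(remote)[0])
            if not any(peer in net for net in allowed):
                unexpected.append(str(peer))
    return exposed, unexpected


if __name__ == "__main__":
    print(audit(SAMPLE_NETSTAT))
```

A non-loopback listener is expected while the service is running, so the firewall rule is what limits exposure; the peer list shows whether connections from outside the allowed networks are still getting through.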

References

http://www.zerodayinitiative.com/advisories/ZDI-12-162/

Limitations

This exploit was tested against HP Diagnostics Server 9.20 on Microsoft Windows Server 2003 SP2 English (DEP OptOut) with KB956802 and KB2644615.

The exploit requires the IO-Socket-SSL Perl module to be installed on the scanning host. This module is available from http://www.cpan.org/modules/by-module/IO/.

Platforms

Windows
