HP Power Manager formLogin buffer overflow

Added: 12/28/2010
CVE: CVE-2010-4113
OSVDB: 69969

Background

HP Power Manager is a web-based application that enables administrators to manage an HP UPS from a browser-based management console.

Problem

A buffer overflow vulnerability in the Administration interface allows remote attackers to execute arbitrary commands by sending a request for the formLogin program with a specially crafted Login parameter.

Resolution

Upgrade to HP Power Manager 4.3.2.

References

http://www.securityfocus.com/archive/1/515283

Limitations

Exploit works on HP Power Manager 4.2.10 on Windows Server 2003 SP2 with KB956802 and KB956572.

Platforms

Windows

Back to exploit index