Overview
Some HP Mercury products are vulnerable to a buffer overflow and may allow an attacker to execute arbitrary code.
Description
The magentproc.exe service provided with some HP Mercury products fails to properly parse values in the server_ip_name field. If an overly long value is sent in this parameter, a stack-based buffer overflow may be triggered within the mchan.dll library. An attacker may be able to exploit this vulnerability by sending a specially crafted packet to the agent (port 54345/tcp). HP reports that the following products are affected by this issue:
|
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code. |
Solution
Apply an Update |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00854250&jumpid=reg_R1002_USEN
- http://www.ciac.org/ciac/bulletins/r-123.shtml
- http://www.zerodayinitiative.com/advisories/ZDI-07-007.html
- http://secunia.com/advisories/24112/
- http://securitytracker.com/alerts/2007/Feb/1017613.html
Acknowledgements
This vulnerability was reported in HP Security Document ID #c00854250. This issue was discovered by Eric Detoisien and reported via Zero Day Initiative.
This document was written by Katie Steiner.
Other Information
| CVE IDs: | CVE-2007-0446 |
| Severity Metric: | 10.31 |
| Date Public: | 2007-02-08 |
| Date First Published: | 2007-02-26 |
| Date Last Updated: | 2007-03-01 19:44 UTC |
| Document Revision: | 16 |