HP Diagnostics Server Message Packet Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is running HP Diagnostics Server and is prone to stack based buffer overflow vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code within the context of the application or cause a denial of service condition. Impact Level: System/Application

Solution

Apply vendor supplied patch from below link, http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_DIAGSRV_00051 ***** NOTE: Ignore this warning if above mentioned patch is installed. *****

Insight

The flaw is due to an error within the magentservice.exe process when parsing crafted message packets sent to TCP port 23472.

Affected

HP Diagnostics Server 8.x through 8.07 and 9.x through 9.21

References

http://osvdb.org/89569
http://secunia.com/advisories/50325
http://www.zerodayinitiative.com/advisories/ZDI-12-162
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03645497

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-3278
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apple iTunes 'itms:' URI Stack Buffer Overflow Vulnerability
Apple QuickTime Multiple Vulnerabilities - Sep09
Adobe Reader Buffer Overflow Vulnerability Sep09 (Win)
Asterisk HTTP Manager Buffer Overflow Vulnerability
Buffer Overflow Vulnerability in Adobe Reader (Linux)

Take action and discover your vulnerabilities