HP Power Manager Login Form Buffer Overflow Vulnerability Network Vulnerability

Summary

The host is running HP Power Manager and is prone to buffer overflow vulnerability.

Impact

Successful exploitation could allow users to cause a Denial of Service condition. Impact Level: Application

Solution

Upgrade to HP Power Manager (HPPM) 4.3.2 or later, For updates refer to http://h18000.www1.hp.com/products/servers/proliantstorage/power-protection/software/power-manager/index.html

Insight

The flaw is due to a boundary error when processing URL parameters passed to the login form of the management web server. It can be exploited to cause a stack-based buffer overflow via a specially crafted 'Login' variable.

Affected

HP Power Manager (HPPM) before 4.3.2

References

http://marc.info/?l=bugtraq&m=129251322532373&w=2
http://secunia.com/advisories/42644
http://securitytracker.com/alerts/2010/Dec/1024902.html
http://www.zerodayinitiative.com/advisories/ZDI-10-292/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4113
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ActivePerl perlIS.dll Buffer Overflow
b2ePMS Multiple SQL Injection Vulnerabilities
AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability
A-Blog 'sources/search.php' SQL Injection Vulnerability
Alchemy Eye HTTP Command Execution

Take action and discover your vulnerabilities