Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.HP_LOADRUNNER_HPESBGN03712.NASL
HistoryMar 22, 2017 - 12:00 a.m.

HPE LoadRunner < 12.53 Patch 4 libxdrutil.dll mxdr_string() RCE

2017-03-2200:00:00
This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
102

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.162 Low

EPSS

Percentile

96.0%

JSON

The version of HP LoadRunner installed on the remote Windows host is prior to 12.53 patch 4. It is, therefore, affected by a remote code execution vulnerability due to a heap-based buffer overflow condition in the mxdr_string() function in libxdrutil.dll. An unauthenticated, remote attacker can exploit this to execute arbitrary code.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(97888);
  script_version("1.6");
  script_cvs_date("Date: 2019/11/13");

  script_cve_id("CVE-2017-5789");
  script_bugtraq_id(96774);
  script_xref(name:"HP", value:"HPESBGN03712");
  script_xref(name:"IAVA", value:"2017-A-0055");
  script_xref(name:"HP", value:"emr_na-hpesbgn03712en_us");
  script_xref(name:"TRA", value:"TRA-2011-05");
  script_xref(name:"ZDI", value:"ZDI-17-160");

  script_name(english:"HPE LoadRunner < 12.53 Patch 4 libxdrutil.dll mxdr_string() RCE");
  script_summary(english:"Checks the version of HP LoadRunner.");

  script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote Windows host is affected by a
remote code execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of HP LoadRunner installed on the remote Windows host is
prior to 12.53 patch 4. It is, therefore, affected by a remote code
execution vulnerability due to a heap-based buffer overflow condition
in the mxdr_string() function in libxdrutil.dll. An unauthenticated,
remote attacker can exploit this to execute arbitrary code.");
  # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03712en_us
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7f64b91c");
  script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/research/tra-2017-13");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-17-160/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to HP LoadRunner version 12.53 patch 4 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5789");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/03/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:loadrunner");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("hp_loadrunner_installed.nasl");
  script_require_keys("installed_sw/HP LoadRunner");
  script_require_ports(139, 445);

  exit(0);
}

include('audit.inc');
include('misc_func.inc');
include("install_func.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");

app_name = "HP LoadRunner";

install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
path = install['path'];
verui = install['display_version'];
vuln = FALSE;
note = '';

fix = '12.53'; # Patch 4

# below 12.53
if (ver_compare(ver:verui, fix:fix, strict:FALSE) < 0)
{
  vuln = TRUE;
}
else if (ver_compare(ver:verui, fix:fix, strict:FALSE) == 0)
{
  file = "LrwNetSocket.dll";
  dll_path = path + "bin\" + file;
  res = hotfix_get_fversion(path:dll_path);
  err_res = hotfix_handle_error(
    error_code   : res['error'],
    file         : dll_path,
    appname      : app_name,
    exit_on_fail : FALSE
  );
  hotfix_check_fversion_end();
  dll_ver = join(sep:'.', res['value']);

  if (empty_or_null(dll_ver))
    audit(AUDIT_VER_FAIL, file + " under " + path + "bin\");

  fixed_dll_ver = '12.53.1982.0';
  if (ver_compare(ver:dll_ver, fix:fixed_dll_ver, strict:FALSE) == -1)
  {
    vuln = TRUE;
  }
}

if (!vuln)
  audit(AUDIT_INST_PATH_NOT_VULN, app_name, verui, path);

port = kb_smb_transport();
if (!port) port = 445;

order = make_list("Path", "Installed version", "Fixed version");
items = make_array(
  order[0], path,
  order[1], verui,
  order[2], fix + " Patch 4 or later"
);
report = report_items_str(report_items:items, ordered_fields:order);

security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
VendorProductVersionCPE
hploadrunnercpe:/a:hp:loadrunner

Related

nessus 1
nvd 1
zdi 1
openvas 1
cve 1
cvelist 1
checkpoint_advisories 1
prion 1
nessus
nessus
HP Performance Center < 12.53 Patch 4 libxdrutil.dll mxdr_string() RCE
2017-03-22 00:00:00
nvd
nvd
CVE-2017-5789
2017-10-11 21:29:00
zdi
zdi
Hewlett Packard Enterprise LoadRunner libxdrutil mxdr_string Heap-based Buffer Overflow Remote Code Execution Vulnerability
2017-03-09 00:00:00
openvas
openvas
HPE LoadRunner 'libxdrutil.dll mxdr_string method' RCE Vulnerability
2017-04-25 00:00:00
cve
cve
CVE-2017-5789
2017-10-13 02:00:00
cvelist
cvelist
CVE-2017-5789
2017-10-13 02:00:00
checkpoint_advisories
checkpoint_advisories
HPE LoadRunner and Performance Center libxdrutil.dll mxdr_string Heap Buffer Overflow (CVE-2017-5789)
2017-04-30 00:00:00
prion
prion
Heap overflow
2017-10-11 21:29:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.162 Low

EPSS

Percentile

96.0%

JSON
Related for HP_LOADRUNNER_HPESBGN03712.NASL
nessus1nvd1zdi1openvas1cve1cvelist1checkpoint_advisories1prion1