Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.HP_PERFORMANCE_CENTER_HPESBGN03712.NASL
HistoryMar 22, 2017 - 12:00 a.m.

HP Performance Center < 12.53 Patch 4 libxdrutil.dll mxdr_string() RCE

2017-03-2200:00:00
This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.162 Low

EPSS

Percentile

96.0%

JSON

The version of HP Performance Center installed on the remote Windows host is prior to 12.53 Patch 4. It is, therefore, affected by a remote code execution vulnerability due to a heap-based buffer overflow condition in the mxdr_string() function in libxdrutil.dll. An unauthenticated, remote attacker can exploit this to execute arbitrary code.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(97889);
  script_version("1.6");
  script_cvs_date("Date: 2019/11/13");

  script_cve_id("CVE-2017-5789");
  script_bugtraq_id(96774);
  script_xref(name:"HP", value:"HPESBGN03712");
  script_xref(name:"IAVA", value:"2017-A-0056");
  script_xref(name:"HP", value:"emr_na-hpesbgn03712en_us");
  script_xref(name:"TRA", value:"TRA-2011-05");

  script_name(english:"HP Performance Center < 12.53 Patch 4 libxdrutil.dll mxdr_string() RCE");
  script_summary(english:"Checks the version of HP Performance Center.");

  script_set_attribute(attribute:"synopsis", value:
"A software performance testing application installed on the remote
Windows host is affected by a remote code execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of HP Performance Center installed on the remote Windows
host is prior to 12.53 Patch 4. It is, therefore, affected by a remote
code execution vulnerability due to a heap-based buffer overflow
condition in the mxdr_string() function in libxdrutil.dll. An
unauthenticated, remote attacker can exploit this to execute arbitrary
code.");
  # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03712en_us
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7f64b91c");
  script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/research/tra-2017-13");
  script_set_attribute(attribute:"solution", value:
"Upgrade to HP Performance Center version 12.53 Patch 4 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5789");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/03/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:performance_center");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("hp_performance_center_installed.nbin");
  script_require_keys("installed_sw/HP Performance Center");
  script_require_ports(139, 445);

  exit(0);
}

include('audit.inc');
include('misc_func.inc');
include("install_func.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");

app_name = "HP Performance Center";

install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
path = install['path'];
verui = install['version'];
vuln = FALSE;

fix = '12.53'; # Patch 4

# below 12.53
if (ver_compare(ver:verui, fix:fix, strict:FALSE) < 0)
{
  vuln = TRUE;
}
else if (ver_compare(ver:verui, fix:fix, strict:FALSE) == 0)
{
  file = "LrwNetSocket.dll";
  dll_path = path + "bin\" + file;
  res = hotfix_get_fversion(path:dll_path);
  err_res = hotfix_handle_error(
    error_code   : res['error'],
    file         : dll_path,
    appname      : app_name,
    exit_on_fail : FALSE
  );
  hotfix_check_fversion_end();
  dll_ver = join(sep:'.', res['value']);

  if (empty_or_null(dll_ver))
    audit(AUDIT_VER_FAIL, file + " under " + path + "bin\");

  fixed_dll_ver = '12.53.1982.0';
  if (ver_compare(ver:dll_ver, fix:fixed_dll_ver, strict:FALSE) == -1)
  {
    vuln = TRUE;
  }
}

if (!vuln)
  audit(AUDIT_INST_PATH_NOT_VULN, app_name, verui, path);

port = kb_smb_transport();
if (!port) port = 445;

order = make_list("Path", "Installed version", "Fixed version");
items = make_array(
  order[0], path,
  order[1], verui,
  order[2], fix + " Patch 4 or later"
);
report = report_items_str(report_items:items, ordered_fields:order);

security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
VendorProductVersionCPE
hpperformance_centercpe:/a:hp:performance_center

Related

nessus 1
openvas 1
cve 1
cvelist 1
zdi 1
nvd 1
checkpoint_advisories 1
prion 1
nessus
nessus
HPE LoadRunner < 12.53 Patch 4 libxdrutil.dll mxdr_string() RCE
2017-03-22 00:00:00
openvas
openvas
HPE LoadRunner 'libxdrutil.dll mxdr_string method' RCE Vulnerability
2017-04-25 00:00:00
cve
cve
CVE-2017-5789
2017-10-13 02:00:00
cvelist
cvelist
CVE-2017-5789
2017-10-13 02:00:00
zdi
zdi
Hewlett Packard Enterprise LoadRunner libxdrutil mxdr_string Heap-based Buffer Overflow Remote Code Execution Vulnerability
2017-03-09 00:00:00
nvd
nvd
CVE-2017-5789
2017-10-11 21:29:00
checkpoint_advisories
checkpoint_advisories
HPE LoadRunner and Performance Center libxdrutil.dll mxdr_string Heap Buffer Overflow (CVE-2017-5789)
2017-04-30 00:00:00
prion
prion
Heap overflow
2017-10-11 21:29:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.162 Low

EPSS

Percentile

96.0%

JSON
Related for HP_PERFORMANCE_CENTER_HPESBGN03712.NASL
nessus1openvas1cve1cvelist1zdi1nvd1checkpoint_advisories1prion1