HP LeftHand Virtual SAN Appliance hydra Ping Hostname Overflow

2013-09-19T00:00:00
ID SAINT:019A96B788F12BFB394E3416618A440A
Type saint
Reporter SAINT Corporation
Modified 2013-09-19T00:00:00

Description

Added: 09/19/2013
CVE: CVE-2012-3285
BID: 57754
OSVDB: 89919

Background

HP LeftHand Virtual SAN Appliance (VSA) software is a VMware certified SAN/storage device and virtual appliance that provides complete SAN functionality for VMware Infrastructure without external SAN hardware.

Problem

HP LeftHand Virtual SAN Appliance software prior to version 10.0 is vulnerable to a stack buffer overflow because it fails to perform adequate boundary checks on user-supplied input. The vulnerability is in the **LHNModParam** component of the hydra service, which listens on TCP port 13838. When servicing an application-level ping request, the process does not properly verify the length of the hostname parameter before copying it into a fixed-size buffer. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code as the root user.
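The missing boundary check described above, sketched as an added example (this is not HP's code, which does not appear on this page): a handler step that validates the length and syntax of a hostname field before copying it into a fixed-size buffer. The function names, the 256-byte buffer size and the length-delimited field layout are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define HOST_BUF_LEN 256 /* assumed size of the fixed destination buffer */
/* Hypothetical helper: 1 if src[0..src_len) is a well-formed hostname
 * (letters, digits, hyphens; labels of 1-63 bytes; at most 253 bytes). */
static int hostname_ok(const char *src, size_t src_len)
{
    size_t label = 0; /* length of the label currently being scanned */
    if (src_len == 0 || src_len > 253)
        return 0;
    for (size_t i = 0; i < src_len; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c == '.') {
            if (label == 0 || src[i - 1] == '-')
                return 0; /* empty label or label ending in '-' */
            label = 0;
        } else if (isalnum(c) || (c == '-' && label > 0)) {
            if (++label > 63)
                return 0;
        } else {
            return 0; /* NUL, whitespace, shell or format characters */
        }
    }
    return label > 0 && src[src_len - 1] != '-';
}

/* Hypothetical handler step: copy a length-delimited hostname field into dst.
 * Returns 0 on success, -1 if rejected (dst is then an empty string). */
int copy_ping_hostname(char *dst, size_t dst_len, const char *src, size_t src_len)
{
    if (dst == NULL || dst_len == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL || src_len >= dst_len || !hostname_ok(src, src_len))
        return -1; /* the length check comes before any copy */
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return 0;
}

int main(void)
{
    char host[HOST_BUF_LEN], big[1024];
    memset(big, 'A', sizeof big); /* constructed oversized field */
    printf("valid: %d\n", copy_ping_hostname(host, sizeof host, "vsa-01.example.test", 19));
    printf("oversized: %d\n", copy_ping_hostname(host, sizeof host, big, sizeof big));
    return 0;
}
```

Rejecting the request outright, rather than truncating the field, keeps an oversized or malformed hostname from reaching any later code that assumes a validated value.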

Resolution

Upgrade HP LeftHand Virtual SAN Appliance software to version 10.0 or newer.

References

<http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03661318>
<http://www.zerodayinitiative.com/advisories/ZDI-13-014/>

Limitations

This exploit was tested against HP LeftHand Virtual SAN Appliance 9.0 on CentOS 5.4.

Platforms

Linux