HP Intelligent Management Center mibFileUpload Servlet Unrestricted File Creation

2013-04-05T00:00:00
ID SAINT:054ECADC4A6FD3F58EB1E4B9DF76C52D
Type saint
Reporter SAINT Corporation
Modified 2013-04-05T00:00:00

Description

Added: 04/05/2013
CVE: CVE-2012-5201
BID: 58385
OSVDB: 91026

Background

HP Intelligent Management Center (IMC), also known as HP iNode Management Center, is a comprehensive management platform for delivering integrated, modular network management capabilities.

Problem

HP IMC 5.1 E0202 and earlier are vulnerable to remote code execution because the **mibFileUpload** servlet allows an unauthenticated remote attacker to create arbitrary files on the vulnerable server. A successful attacker could execute arbitrary code on the server in the context of the SYSTEM user.

Resolution

Apply updates as directed in HP Security Bulletin HPSBGN02854 SSRT100881.

References

<http://www.zerodayinitiative.com/advisories/ZDI-13-050/>

Limitations

This exploit was tested against HP Intelligent Management Center v5.1 E0202 on Windows Server 2003 SP2 English and Windows Server 2008 SP2 with DEP OptOut.

The Perl module **Archive::Zip** is required to run the exploit.

Platforms

Windows