Lucene search
SAINT CorporationSAINT:0C0868A0BD3EB1BCA4815B055B7D5160HistoryNov 06, 2009 - 12:00 a.m.
HP Power Manager Remote Code Execution
2009-11-0600:00:00
SAINT Corporation
www.saintcorporation.com
106
0.623 Medium
EPSS
Percentile
97.5%
Added: 11/06/2009
CVE: CVE-2009-2685
BID: 36933
OSVDB: 59684
Background
HP Power Manager is a web-based application that enables administrators to manage an HP UPS from a browser-based management console.
Problem
A stack-based buffer overflow in the HP Power Manager management web server allows remote attackers to execute arbitrary code via the Login variable of the login form.
Resolution
HP’s resolution is to limit access to trusted users.
References
<http://www.zerodayinitiative.com/advisories/ZDI-09-081/>
Limitations
Exploit works on HP Power Manager 4.2.7. Windows patch KB933729 (rpct4.dll version 5.2.3790.4115) must be installed.
Platforms
Windows
Related
checkpoint_advisories
checkpoint_advisories
Update Protection against HP Power Manager Remote Code Execution
2009-11-19 00:00:00
HP Power Manager Remote Code Execution (CVE-2009-2685)
2010-01-31 00:00:00
saint
saint
HP Power Manager Remote Code Execution
2009-11-06 00:00:00
HP Power Manager Remote Code Execution
2009-11-06 00:00:00
HP Power Manager Remote Code Execution
2009-11-06 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_HPPM
2009-11-06 15:30:00
prion
prion
Stack overflow
2009-11-06 15:30:00
packetstorm
packetstorm
HP Power Manager Administration Universal Buffer Overflow
2009-11-17 00:00:00
Hewlett-Packard Power Manager Administration Buffer Overflow.
2009-12-31 00:00:00
zdi
zdi
securityvulns
securityvulns
cve
cve
CVE-2009-2685
2009-11-06 15:30:00
openvas
openvas
nessus
nessus
HP Power Manager < 4.2.10
2010-01-21 00:00:00
HP Power Manager < 4.2.10 Multiple Vulnerabilities
2010-01-22 00:00:00