Lucene search

SAINT CorporationSAINT:21504DE164C49A125889B293631790AE

HistoryAug 20, 2012 - 12:00 a.m.

HP Operations Agent Opcode 0x8c vulnerability

2012-08-2000:00:00

SAINT Corporation

download.saintcorporation.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.965 High

EPSS

Percentile

99.5%

JSON

Added: 08/20/2012
CVE: CVE-2012-2020
BID: 54362
OSVDB: 83674

Background

HP Operations Agents is a fault and performance monitoring solution for servers.

Problem

A buffer overflow vulnerability in the **coda.exe** process, which listens on a random TCP port, could allow remote attackers to execute arbitrary code by sending a specially crafted GET request.

Resolution

Apply the patch referenced in HPSBMU02796 SSRT100594.

References

<http://www.zerodayinitiative.com/advisories/ZDI-12-115/>

Limitations

This exploit has been tested against HP Operations Agent 11.00 on Windows Server 2003 SP2 English (DEP OptOut).

Platforms

Windows

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.965 High

EPSS

Percentile

99.5%

JSON

Related for SAINT:21504DE164C49A125889B293631790AE