SAINT CorporationSAINT:63C6922554C9283CC8E291BEEA2301BCHP Intelligent Management Center iNodeMngChecker.exe Buffer Overflow
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.837 High
EPSS
Percentile
98.1%
Added: 10/14/2011
CVE: CVE-2011-1867
BID: 48527
OSVDB: 73597
Background
HP Intelligent Management Center, also known as HP iNode Management Center, is a comprehensive management platform for delivering integrated, modular network management capabilities. The **iNodeMngChecker.exe** component listens, by default, on port 9090/tcp.
Problem
HP Intelligent Management Center’s **iNodeMngChecker.exe** component is vulnerable to remote code execution in the context of the SYSTEM user as a result of a stack buffer overflow caused by improper bounds checking when handling the 0x0A0BF007 packet type.
Resolution
Apply updates as identified in HP Security Bulletin HPSB3C02687 SSRT100377.
References
<http://www.zerodayinitiative.com/advisories/ZDI-11-232/>
Limitations
Exploit works on HP iNode Management Center 5.0 E0101.
The IO-Socket-SSL PERL module is required for this exploit to run. This module is available from <http://www.cpan.org/modules/by-module/IO/>.
Platforms
Windows
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.837 High
EPSS
Percentile
98.1%