HP Diagnostics magentservice.exe Malformed Packet Parsing Vulnerability

2012-10-12T00:00:00
ID SAINT:D823A9EF888B4A4F68BD01F8D98797FA
Type saint
Reporter SAINT Corporation
Modified 2012-10-12T00:00:00

Description

Added: 10/12/2012
BID: 55159
OSVDB: 84855

Background

HP Diagnostics software monitors application transaction health in traditional, virtualized and cloud environments.

Problem

HP Diagnostics Server has a buffer overflow vulnerability in the **magentservice.exe** process that could allow unauthenticated remote attackers to execute arbitrary code in the context of the SYSTEM user. The **magentservice.exe** process listens on port 23472 by default.

Resolution

A patch is not available at the time of publication. Limit access to TCP port 23472.
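One way to check that the port restriction is actually in effect, as an added example that is not part of the SAINT advisory: the Python below scans a Windows Firewall log in pfirewall.log format for TCP connections to port 23472 from sources outside an allowlist. The sample log lines are constructed, and the allowlisted network 10.20.0.0/24 and the function name are assumptions.

```python
import ipaddress

AGENT_PORT = 23472  # default magentservice.exe port, from the advisory

# Constructed sample in Windows Firewall pfirewall.log format (not real traffic).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2012-10-12 09:14:02 ALLOW TCP 10.20.0.15 10.20.0.40 49211 23472 0 - 0 0 0 - - - RECEIVE
2012-10-12 09:15:37 ALLOW TCP 192.0.2.77 10.20.0.40 51002 23472 0 - 0 0 0 - - - RECEIVE
2012-10-12 09:16:10 DROP TCP 198.51.100.9 10.20.0.40 40112 23472 48 S 1201 0 8192 - - - RECEIVE
2012-10-12 09:17:45 ALLOW TCP 192.0.2.77 10.20.0.40 51010 443 0 - 0 0 0 - - - RECEIVE
2012-10-12 09:18:03 ALLOW UDP 192.0.2.77 10.20.0.40 51011 23472 0 - - - - - - - RECEIVE
"""

def audit_port_access(log_text, allowed_cidrs, port=AGENT_PORT):
    """Return (timestamp, src_ip, action) for TCP hits on `port` from outside allowed_cidrs."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names from the header drive the parsing
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("protocol") != "TCP" or row.get("dst-port") != str(port):
            continue
        try:
            src = ipaddress.ip_address(row["src-ip"])
            entry = (f'{row["date"]} {row["time"]}', str(src), row["action"])
        except (KeyError, ValueError):
            continue  # malformed or truncated line: skip it rather than abort the audit
        if not any(src in net for net in allowed):
            findings.append(entry)
    return findings

if __name__ == "__main__":
    # Assumption: 10.20.0.0/24 is the only network that should reach the service.
    for ts, src, action in audit_port_access(SAMPLE_LOG, ["10.20.0.0/24"]):
        flag = "EXPOSED" if action == "ALLOW" else "blocked"
        print(f"{ts} {src} -> tcp/{AGENT_PORT} {action} ({flag})")
```

An ALLOW entry in the result means the service is still reachable from outside the intended network; DROP entries show the filter working and record who is probing the port.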

References

<http://www.zerodayinitiative.com/advisories/ZDI-12-162/>

Limitations

This exploit was tested against HP Diagnostics Server 9.20 on Microsoft Windows Server 2003 SP2 English (DEP OptOut) with KB956802 and KB2644615.

The exploit requires the IO-Socket-SSL Perl module to be installed on the scanning host. This module is available from <http://www.cpan.org/modules/by-module/IO/>.

Platforms

Windows