HP Intelligent Management Center uam.exe Stack Buffer Overflow

2012-09-26T00:00:00
ID SAINT:DCBE37297BAA97C231A90FBB1B89AD96
Type saint
Reporter SAINT Corporation
Modified 2012-09-26T00:00:00

Description

Added: 09/26/2012
BID: 55271
OSVDB: 85060

Background

HP Intelligent Management Center, also known as HP iNode Management Center, is a comprehensive management platform for delivering integrated, modular network management capabilities. The User Access Manager (UAM) module (**uam.exe**) manages the discovery, provisioning, and monitoring of endpoints and users, including authentication and authorization for endpoints accessing the network edge. The UAM listens, by default, on port 1811/udp.

Problem

The UAM component (**uam.exe**) is vulnerable to a stack buffer overflow as a result of logging to a file using sprintf without verifying the size of the destination buffer is adequate to store the logged data. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

Resolution

Restrict interaction with the UAM service to trusted machines until HP releases a patch or upgrade.

References

<http://www.zerodayinitiative.com/advisories/ZDI-12-171/>

Limitations

This exploit was tested against HP Intelligent Management Center User Access Manager 5.0 on Microsoft Windows Server 2003 SP2 English (DEP OptOut) and Microsoft Windows Server 2008 SP2 (DEP OptOut).

Platforms

Windows