Summary
This host is running HP Diagnostics Server and is prone to a stack-based buffer overflow vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code within the context of the application or cause a denial of service condition.
Impact Level: System/Application
Solution
Apply the vendor-supplied patch from the link below:
http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_DIAGSRV_00051
*****
NOTE: Ignore this warning if the above-mentioned patch is installed.
*****
Insight
The flaw is due to an error within the magentservice.exe process when parsing crafted message packets sent to TCP port 23472.
Affected
HP Diagnostics Server 8.x through 8.07 and 9.x through 9.21
References
Severity
Classification
- CVE: CVE-2012-3278
- CVSS Base Score: 10.0
- CVSS Base Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Professional JPG Object Processing BOF Vulnerability (Mac OS X)
- CA Internet Security Suite Plus 'KmxSbx.sys' Buffer Overflow Vulnerability
- CTorrent/Enhanced CTorrent Buffer Overflow Vulnerability
- Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Linux)
- CursorArts ZipWrangler 'ZIP Processing' Buffer Overflow Vulnerability