Computer Security
[EN] securityvulns.ru no-pyccku


HP Intelligent Management Center multiple security vulnerabilities
Published:11.05.2011
Source:
SecurityVulns ID:11665
Type:remote
Threat Level:
7/10
Description:Multiple vulnerabilities in different components lead to remote code execution.
CVE:CVE-2011-1854 (Use-after-free vulnerability in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long syslog packet, related to an exception handler.)
 CVE-2011-1853 (tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a (1) large or (2) invalid opcode field, related to a function pointer table.)
 CVE-2011-1852 (Multiple stack-based buffer overflows in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allow remote attackers to execute arbitrary code via crafted packet content accompanying a (1) DATA or (2) ERROR opcode.)
 CVE-2011-1851 (Stack-based buffer overflow in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long mode field.)
 CVE-2011-1850 (Stack-based buffer overflow in the logging functionality in dbman.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via vectors related to a received action.)
 CVE-2011-1849 (tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to create or overwrite files, and subsequently execute arbitrary code, via a crafted WRQ request.)
 CVE-2011-1848 (Stack-based buffer overflow in img.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a crafted length field in a packet.)
Original documentdocumentZDI, ZDI-11-163: HP 3COM/H3C Intelligent Management Center tftpserver mode Remote Code Execution Vulnerability (11.05.2011)
 documentZDI, ZDI-11-166: HP 3COM/H3C Intelligent Management Center imcsyslogdm Remote Code Execution Vulnerability (11.05.2011)
 documentZDI, ZDI-11-165: HP 3COM/H3C Intelligent Management Center tftpserver opcode_table Remote Code Execution Vulnerability (11.05.2011)
 documentZDI, ZDI-11-162: HP 3COM/H3C Intelligent Management Center dbman sprintf Remote Code Execution Vulnerability (11.05.2011)
 documentZDI, ZDI-11-161: HP 3COM/H3C Intelligent Management Center tftpserver WRQ Remote Code Execution Vulnerability (11.05.2011)
 documentZDI, ZDI-11-160: HP 3COM/H3C Intelligent Management Center img Remote Code Execution Vulnerability (11.05.2011)
 documentZDI, ZDI-11-164: HP 3COM/H3C Intelligent Management Center tftpserver DATA/ERROR Remote Code Execution Vulnerability (11.05.2011)
 documentHP, [security bulletin] HPSBGN02680 SSRT100361 rev.1 - HP Intelligent Management Center (IMC), Remote Execution of Arbitrary Code (11.05.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod