U-216: HP StorageWorks File Migration Agent Buffer Overflows Let Remote Users Execute Arbitrary Code

July 19, 2012 - 7:14am

PROBLEM:

HP StorageWorks File Migration Agent Buffer Overflows Let Remote Users Execute Arbitrary Code

PLATFORM:

HP StorageWorks File Migration Agent

ABSTRACT:

Two vulnerabilities were reported in HP StorageWorks File Migration Agent.

REFERENCE LINKS:

SecurityTracker Alert ID: 1027281
ZDI-12-127
ZDI-12-126

IMPACT ASSESSMENT:

High

Discussion:

Both vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of HP StorageWorks File Migration Agent. Authentication is not required to exploit either vulnerability.

1. (ZDI-12-127) The specific flaw exists within the HsmCfgSvc.exe service, which listens by default on TCP port 9111. When processing FTP archives, the process does not properly validate the size of the root path specified and proceeds to copy the string into a fixed-length buffer on the stack. This can be exploited to execute arbitrary code remotely in the context of the running service.

2. (ZDI-12-126) The specific flaw exists within the HsmCfgSvc.exe service, which listens by default on TCP port 9111. When processing CIFS archives, the process does not properly validate the size of the archive name and proceeds to copy the string into a fixed-length buffer on the stack. This can be exploited to execute arbitrary code remotely in the context of the running service.
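
Both items describe the same defect class: a string taken from a request is copied into a fixed-length stack buffer without its size being checked. The sketch below is an added illustration of that pattern beside a length-validated form; it is not HP's code, and the function names, the status codes and the 64-byte buffer size are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical size; the advisory does not state the real buffer length. */
#define ROOT_PATH_MAX 64

enum copy_status { COPY_OK, COPY_BAD_ARG, COPY_UNTERMINATED, COPY_TOO_LONG };

/* The pattern the advisory describes: the supplied string is copied into a
 * fixed-length stack buffer with no check on its size. Shown for contrast;
 * any input of ROOT_PATH_MAX bytes or more writes past the end of `root`. */
void set_root_path_unchecked(const char *field)
{
    char root[ROOT_PATH_MAX];
    strcpy(root, field);                  /* unbounded copy */
    printf("root path: %s\n", root);
}

/* Hardened form. Assumption: `field` points at `field_len` received bytes.
 * The length is validated against the destination before any byte is
 * copied, and oversized input is rejected instead of being truncated. */
enum copy_status set_root_path_checked(const char *field, size_t field_len,
                                       char *dst, size_t dst_size)
{
    const char *nul;

    if (field == NULL || dst == NULL || dst_size == 0)
        return COPY_BAD_ARG;
    nul = memchr(field, '\0', field_len); /* never scan past received data */
    if (nul == NULL)
        return COPY_UNTERMINATED;
    if ((size_t)(nul - field) >= dst_size) /* terminator must fit as well */
        return COPY_TOO_LONG;
    memcpy(dst, field, (size_t)(nul - field) + 1);
    return COPY_OK;
}

int main(void)
{
    char root[ROOT_PATH_MAX], oversized[200]; /* constructed sample input */

    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("short: %d\n", set_root_path_checked("/archive", 9, root, sizeof root));
    printf("long:  %d\n", set_root_path_checked(oversized, sizeof oversized, root, sizeof root));
    return 0;
}
```

Rejecting the oversized value, rather than silently truncating it, keeps a malformed root path or archive name from being processed further in shortened form.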

Impact:

A remote user can execute arbitrary code on the target system.

Solution:

No solution was available at the time of this entry.
 
