SSRT100139

42644

1024902

http://www.zerodayinitiative.com/advisories/ZDI-10-292/

Versions of HP Powere Manager earlier than 4.3.2 are potentially affected by a buffer overflow vulnerability because the application fails to properly sanitize user supplied in put to the 'Login' parameter of the login page.  An unauthenticated, remote attacker could exploit this by sending a specially crafted HTTP request, resulting in arbitrary code execution.

The installed version of HP Power Manager is less than 4.3.2, and as such has a buffer overflow vulnerability.  Input to the 'Login' parameter of the login page is not properly sanitized, which can result in a stack-based buffer overflow.

An unauthenticated, remote attacker could exploit this by sending a specially crafted HTTP request, resulting in arbitrary code execution.

ID	Name	Product	Family	Severity
5736	HP Power Manager < 4.3.2 Buffer Overflow Vulnerability	Nessus Network Monitor	CGI	critical
51200	HP Power Manager < 4.3.2	Nessus	CGI abuses	critical

CVE-2010-4113

HIGH

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical